ssl_lib.c 207 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597559855995600560156025603560456055606560756085609561056115612561356145615561656175618561956205621562256235624562556265627562856295630563156325633563456355636563756385639564056415642564356445645564656475648564956505651565256535654565556565657565856595660566156625663566456655666566756685669567056715672567356745675567656775678567956805681568256835684568556865687568856895690569156925693569456955696569756985699570057015702570357045705570657075708570957105711571257135714571557165717571857195720572157225723572457255726572757285729573057315732573357345735573657375738573957405741574257435744574557465747574857495750575157525753575457555756575757585759576057615762576357645765576657675768576957705771577257735774577557765777577857795780578157825783578457855786578757885789579057915792579357945795579657975798579958005801580258035804580558065807580858095810581158125813581458155816581758185819582058215822582358245825582658275828582958305831583258335834583558365837583858395840584158425843584458455846584758485849585058515852585358545855585658575858585958605861586258635864586558665867586858695870587158725873587458755876587758785879588058815882588358845885588658875888588958905891589258935894589558965897589858995900590159025903590459055906590759085909591059115912591359145915591659175918591959205921592259235924592559265927592859295930593159325933593459355936593759385939594059415942594359445945594659475948594959505951595259535954595559565957595859595960596159625963596459655966596759685969597059715972597359745975597659775978597959805981598259835984598559865987598859895990599159925993599459955996599759985999600060016002600360046005600660076008600960106011601260136014601560166017601860196020602160226023602460256026602760286029603060316032603360346035603660376038603960406041604260436044604560466047604860496050605160526053605460556056605760586059606060616062606360646065606660676068606960706071607260736074607560766077607860796080608160826083608460856086608760886089609060916092609360946095609660976098609961006101610261036104610561066107610861096110611161126113611461156116611761186119612061216122612361246125612661276128612961306131613261336134613561366137613861396140614161426143614461456146614761486149615061516152615361546155615661576158615961606161616261636164616561666167616861696170617161726173617461756176617761786179618061816182618361846185618661876188618961906191619261936194619561966197619861996200620162026203620462056206620762086209621062116212621362146215621662176218621962206221622262236224622562266227622862296230623162326233623462356236623762386239624062416242624362446245624662476248624962506251625262536254625562566257625862596260626162626263626462656266626762686269627062716272627362746275627662776278627962806281628262836284628562866287628862896290629162926293629462956296629762986299630063016302630363046305630663076308630963106311631263136314631563166317631863196320632163226323632463256326632763286329633063316332633363346335633663376338633963406341634263436344634563466347634863496350635163526353635463556356635763586359636063616362636363646365636663676368636963706371637263736374637563766377637863796380638163826383638463856386638763886389639063916392639363946395639663976398639964006401640264036404640564066407640864096410641164126413641464156416641764186419642064216422642364246425642664276428642964306431643264336434643564366437643864396440644164426443644464456446644764486449645064516452645364546455645664576458645964606461646264636464646564666467646864696470647164726473647464756476647764786479648064816482648364846485648664876488648964906491649264936494649564966497649864996500650165026503650465056506650765086509651065116512651365146515651665176518651965206521652265236524652565266527652865296530653165326533653465356536653765386539654065416542654365446545654665476548654965506551655265536554655565566557655865596560656165626563656465656566656765686569657065716572657365746575657665776578657965806581658265836584658565866587658865896590659165926593659465956596659765986599660066016602660366046605660666076608660966106611661266136614661566166617661866196620662166226623662466256626662766286629663066316632663366346635663666376638663966406641664266436644664566466647664866496650665166526653665466556656665766586659666066616662666366646665666666676668666966706671667266736674667566766677667866796680668166826683668466856686668766886689669066916692669366946695669666976698669967006701670267036704670567066707670867096710671167126713671467156716671767186719672067216722672367246725672667276728672967306731673267336734673567366737673867396740674167426743674467456746674767486749675067516752675367546755675667576758675967606761676267636764676567666767676867696770677167726773677467756776677767786779678067816782678367846785678667876788678967906791679267936794679567966797679867996800680168026803680468056806680768086809681068116812681368146815681668176818681968206821682268236824682568266827682868296830683168326833683468356836683768386839684068416842684368446845684668476848684968506851685268536854685568566857685868596860686168626863686468656866686768686869687068716872687368746875687668776878687968806881688268836884688568866887688868896890689168926893689468956896689768986899690069016902690369046905690669076908690969106911691269136914691569166917691869196920692169226923692469256926692769286929693069316932693369346935693669376938693969406941694269436944694569466947694869496950695169526953695469556956695769586959696069616962696369646965696669676968696969706971697269736974697569766977697869796980698169826983698469856986698769886989699069916992699369946995699669976998699970007001700270037004700570067007700870097010701170127013701470157016701770187019702070217022702370247025702670277028702970307031703270337034703570367037703870397040704170427043704470457046704770487049705070517052705370547055705670577058705970607061706270637064706570667067706870697070707170727073707470757076707770787079708070817082708370847085708670877088708970907091709270937094709570967097709870997100710171027103710471057106710771087109711071117112711371147115711671177118711971207121712271237124712571267127712871297130713171327133713471357136713771387139714071417142714371447145714671477148714971507151715271537154715571567157715871597160716171627163716471657166716771687169717071717172717371747175717671777178717971807181718271837184718571867187718871897190719171927193719471957196719771987199720072017202720372047205720672077208720972107211721272137214721572167217721872197220722172227223722472257226722772287229723072317232723372347235723672377238723972407241724272437244724572467247724872497250725172527253725472557256725772587259726072617262726372647265726672677268726972707271727272737274727572767277727872797280728172827283728472857286728772887289729072917292729372947295729672977298729973007301730273037304730573067307730873097310731173127313731473157316731773187319732073217322732373247325732673277328732973307331733273337334733573367337733873397340734173427343734473457346734773487349735073517352735373547355735673577358735973607361736273637364736573667367736873697370737173727373737473757376737773787379738073817382738373847385738673877388738973907391739273937394739573967397739873997400740174027403740474057406740774087409741074117412741374147415741674177418741974207421742274237424742574267427742874297430743174327433743474357436743774387439744074417442744374447445744674477448744974507451745274537454745574567457745874597460746174627463746474657466746774687469747074717472747374747475747674777478747974807481748274837484748574867487748874897490749174927493749474957496749774987499750075017502750375047505750675077508750975107511751275137514751575167517751875197520752175227523752475257526752775287529753075317532753375347535753675377538753975407541754275437544754575467547754875497550755175527553755475557556755775587559756075617562756375647565756675677568756975707571757275737574757575767577757875797580758175827583758475857586758775887589759075917592759375947595759675977598759976007601760276037604760576067607760876097610761176127613761476157616761776187619762076217622762376247625762676277628762976307631763276337634763576367637763876397640764176427643764476457646764776487649765076517652765376547655765676577658765976607661766276637664766576667667766876697670767176727673767476757676767776787679768076817682768376847685768676877688768976907691769276937694769576967697769876997700770177027703770477057706770777087709771077117712771377147715771677177718771977207721772277237724772577267727772877297730773177327733773477357736773777387739774077417742774377447745774677477748774977507751775277537754775577567757775877597760776177627763776477657766776777687769777077717772777377747775777677777778777977807781778277837784778577867787778877897790779177927793779477957796779777987799780078017802780378047805
  1. /*
  2. * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  4. * Copyright 2005 Nokia. All rights reserved.
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include <stdio.h>
  12. #include "ssl_local.h"
  13. #include "internal/e_os.h"
  14. #include <openssl/objects.h>
  15. #include <openssl/x509v3.h>
  16. #include <openssl/rand.h>
  17. #include <openssl/ocsp.h>
  18. #include <openssl/dh.h>
  19. #include <openssl/engine.h>
  20. #include <openssl/async.h>
  21. #include <openssl/ct.h>
  22. #include <openssl/trace.h>
  23. #include <openssl/core_names.h>
  24. #include "internal/cryptlib.h"
  25. #include "internal/nelem.h"
  26. #include "internal/refcount.h"
  27. #include "internal/ktls.h"
  28. #include "quic/quic_local.h"
  29. static int ssl_undefined_function_3(SSL_CONNECTION *sc, unsigned char *r,
  30. unsigned char *s, size_t t, size_t *u)
  31. {
  32. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  33. }
  34. static int ssl_undefined_function_4(SSL_CONNECTION *sc, int r)
  35. {
  36. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  37. }
  38. static size_t ssl_undefined_function_5(SSL_CONNECTION *sc, const char *r,
  39. size_t s, unsigned char *t)
  40. {
  41. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  42. }
  43. static int ssl_undefined_function_6(int r)
  44. {
  45. return ssl_undefined_function(NULL);
  46. }
  47. static int ssl_undefined_function_7(SSL_CONNECTION *sc, unsigned char *r,
  48. size_t s, const char *t, size_t u,
  49. const unsigned char *v, size_t w, int x)
  50. {
  51. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  52. }
  53. static int ssl_undefined_function_8(SSL_CONNECTION *sc)
  54. {
  55. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  56. }
  57. SSL3_ENC_METHOD ssl3_undef_enc_method = {
  58. ssl_undefined_function_8,
  59. ssl_undefined_function_3,
  60. ssl_undefined_function_4,
  61. ssl_undefined_function_5,
  62. NULL, /* client_finished_label */
  63. 0, /* client_finished_label_len */
  64. NULL, /* server_finished_label */
  65. 0, /* server_finished_label_len */
  66. ssl_undefined_function_6,
  67. ssl_undefined_function_7,
  68. };
  69. struct ssl_async_args {
  70. SSL *s;
  71. void *buf;
  72. size_t num;
  73. enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
  74. union {
  75. int (*func_read) (SSL *, void *, size_t, size_t *);
  76. int (*func_write) (SSL *, const void *, size_t, size_t *);
  77. int (*func_other) (SSL *);
  78. } f;
  79. };
  80. static const struct {
  81. uint8_t mtype;
  82. uint8_t ord;
  83. int nid;
  84. } dane_mds[] = {
  85. {
  86. DANETLS_MATCHING_FULL, 0, NID_undef
  87. },
  88. {
  89. DANETLS_MATCHING_2256, 1, NID_sha256
  90. },
  91. {
  92. DANETLS_MATCHING_2512, 2, NID_sha512
  93. },
  94. };
  95. static int dane_ctx_enable(struct dane_ctx_st *dctx)
  96. {
  97. const EVP_MD **mdevp;
  98. uint8_t *mdord;
  99. uint8_t mdmax = DANETLS_MATCHING_LAST;
  100. int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
  101. size_t i;
  102. if (dctx->mdevp != NULL)
  103. return 1;
  104. mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
  105. mdord = OPENSSL_zalloc(n * sizeof(*mdord));
  106. if (mdord == NULL || mdevp == NULL) {
  107. OPENSSL_free(mdord);
  108. OPENSSL_free(mdevp);
  109. return 0;
  110. }
  111. /* Install default entries */
  112. for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
  113. const EVP_MD *md;
  114. if (dane_mds[i].nid == NID_undef ||
  115. (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
  116. continue;
  117. mdevp[dane_mds[i].mtype] = md;
  118. mdord[dane_mds[i].mtype] = dane_mds[i].ord;
  119. }
  120. dctx->mdevp = mdevp;
  121. dctx->mdord = mdord;
  122. dctx->mdmax = mdmax;
  123. return 1;
  124. }
  125. static void dane_ctx_final(struct dane_ctx_st *dctx)
  126. {
  127. OPENSSL_free(dctx->mdevp);
  128. dctx->mdevp = NULL;
  129. OPENSSL_free(dctx->mdord);
  130. dctx->mdord = NULL;
  131. dctx->mdmax = 0;
  132. }
  133. static void tlsa_free(danetls_record *t)
  134. {
  135. if (t == NULL)
  136. return;
  137. OPENSSL_free(t->data);
  138. EVP_PKEY_free(t->spki);
  139. OPENSSL_free(t);
  140. }
  141. static void dane_final(SSL_DANE *dane)
  142. {
  143. sk_danetls_record_pop_free(dane->trecs, tlsa_free);
  144. dane->trecs = NULL;
  145. OSSL_STACK_OF_X509_free(dane->certs);
  146. dane->certs = NULL;
  147. X509_free(dane->mcert);
  148. dane->mcert = NULL;
  149. dane->mtlsa = NULL;
  150. dane->mdpth = -1;
  151. dane->pdpth = -1;
  152. }
  153. /*
  154. * dane_copy - Copy dane configuration, sans verification state.
  155. */
  156. static int ssl_dane_dup(SSL_CONNECTION *to, SSL_CONNECTION *from)
  157. {
  158. int num;
  159. int i;
  160. if (!DANETLS_ENABLED(&from->dane))
  161. return 1;
  162. num = sk_danetls_record_num(from->dane.trecs);
  163. dane_final(&to->dane);
  164. to->dane.flags = from->dane.flags;
  165. to->dane.dctx = &SSL_CONNECTION_GET_CTX(to)->dane;
  166. to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
  167. if (to->dane.trecs == NULL) {
  168. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  169. return 0;
  170. }
  171. for (i = 0; i < num; ++i) {
  172. danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
  173. if (SSL_dane_tlsa_add(SSL_CONNECTION_GET_SSL(to), t->usage,
  174. t->selector, t->mtype, t->data, t->dlen) <= 0)
  175. return 0;
  176. }
  177. return 1;
  178. }
  179. static int dane_mtype_set(struct dane_ctx_st *dctx,
  180. const EVP_MD *md, uint8_t mtype, uint8_t ord)
  181. {
  182. int i;
  183. if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
  184. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
  185. return 0;
  186. }
  187. if (mtype > dctx->mdmax) {
  188. const EVP_MD **mdevp;
  189. uint8_t *mdord;
  190. int n = ((int)mtype) + 1;
  191. mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
  192. if (mdevp == NULL)
  193. return -1;
  194. dctx->mdevp = mdevp;
  195. mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
  196. if (mdord == NULL)
  197. return -1;
  198. dctx->mdord = mdord;
  199. /* Zero-fill any gaps */
  200. for (i = dctx->mdmax + 1; i < mtype; ++i) {
  201. mdevp[i] = NULL;
  202. mdord[i] = 0;
  203. }
  204. dctx->mdmax = mtype;
  205. }
  206. dctx->mdevp[mtype] = md;
  207. /* Coerce ordinal of disabled matching types to 0 */
  208. dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
  209. return 1;
  210. }
  211. static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
  212. {
  213. if (mtype > dane->dctx->mdmax)
  214. return NULL;
  215. return dane->dctx->mdevp[mtype];
  216. }
  217. static int dane_tlsa_add(SSL_DANE *dane,
  218. uint8_t usage,
  219. uint8_t selector,
  220. uint8_t mtype, const unsigned char *data, size_t dlen)
  221. {
  222. danetls_record *t;
  223. const EVP_MD *md = NULL;
  224. int ilen = (int)dlen;
  225. int i;
  226. int num;
  227. if (dane->trecs == NULL) {
  228. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_NOT_ENABLED);
  229. return -1;
  230. }
  231. if (ilen < 0 || dlen != (size_t)ilen) {
  232. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
  233. return 0;
  234. }
  235. if (usage > DANETLS_USAGE_LAST) {
  236. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
  237. return 0;
  238. }
  239. if (selector > DANETLS_SELECTOR_LAST) {
  240. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_SELECTOR);
  241. return 0;
  242. }
  243. if (mtype != DANETLS_MATCHING_FULL) {
  244. md = tlsa_md_get(dane, mtype);
  245. if (md == NULL) {
  246. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
  247. return 0;
  248. }
  249. }
  250. if (md != NULL && dlen != (size_t)EVP_MD_get_size(md)) {
  251. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
  252. return 0;
  253. }
  254. if (!data) {
  255. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_NULL_DATA);
  256. return 0;
  257. }
  258. if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL)
  259. return -1;
  260. t->usage = usage;
  261. t->selector = selector;
  262. t->mtype = mtype;
  263. t->data = OPENSSL_malloc(dlen);
  264. if (t->data == NULL) {
  265. tlsa_free(t);
  266. return -1;
  267. }
  268. memcpy(t->data, data, dlen);
  269. t->dlen = dlen;
  270. /* Validate and cache full certificate or public key */
  271. if (mtype == DANETLS_MATCHING_FULL) {
  272. const unsigned char *p = data;
  273. X509 *cert = NULL;
  274. EVP_PKEY *pkey = NULL;
  275. switch (selector) {
  276. case DANETLS_SELECTOR_CERT:
  277. if (!d2i_X509(&cert, &p, ilen) || p < data ||
  278. dlen != (size_t)(p - data)) {
  279. X509_free(cert);
  280. tlsa_free(t);
  281. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  282. return 0;
  283. }
  284. if (X509_get0_pubkey(cert) == NULL) {
  285. X509_free(cert);
  286. tlsa_free(t);
  287. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  288. return 0;
  289. }
  290. if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
  291. X509_free(cert);
  292. tlsa_free(t);
  293. break;
  294. }
  295. /*
  296. * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
  297. * records that contain full certificates of trust-anchors that are
  298. * not present in the wire chain. For usage PKIX-TA(0), we augment
  299. * the chain with untrusted Full(0) certificates from DNS, in case
  300. * they are missing from the chain.
  301. */
  302. if ((dane->certs == NULL &&
  303. (dane->certs = sk_X509_new_null()) == NULL) ||
  304. !sk_X509_push(dane->certs, cert)) {
  305. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  306. X509_free(cert);
  307. tlsa_free(t);
  308. return -1;
  309. }
  310. break;
  311. case DANETLS_SELECTOR_SPKI:
  312. if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
  313. dlen != (size_t)(p - data)) {
  314. EVP_PKEY_free(pkey);
  315. tlsa_free(t);
  316. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
  317. return 0;
  318. }
  319. /*
  320. * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
  321. * records that contain full bare keys of trust-anchors that are
  322. * not present in the wire chain.
  323. */
  324. if (usage == DANETLS_USAGE_DANE_TA)
  325. t->spki = pkey;
  326. else
  327. EVP_PKEY_free(pkey);
  328. break;
  329. }
  330. }
  331. /*-
  332. * Find the right insertion point for the new record.
  333. *
  334. * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
  335. * they can be processed first, as they require no chain building, and no
  336. * expiration or hostname checks. Because DANE-EE(3) is numerically
  337. * largest, this is accomplished via descending sort by "usage".
  338. *
  339. * We also sort in descending order by matching ordinal to simplify
  340. * the implementation of digest agility in the verification code.
  341. *
  342. * The choice of order for the selector is not significant, so we
  343. * use the same descending order for consistency.
  344. */
  345. num = sk_danetls_record_num(dane->trecs);
  346. for (i = 0; i < num; ++i) {
  347. danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
  348. if (rec->usage > usage)
  349. continue;
  350. if (rec->usage < usage)
  351. break;
  352. if (rec->selector > selector)
  353. continue;
  354. if (rec->selector < selector)
  355. break;
  356. if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
  357. continue;
  358. break;
  359. }
  360. if (!sk_danetls_record_insert(dane->trecs, t, i)) {
  361. tlsa_free(t);
  362. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  363. return -1;
  364. }
  365. dane->umask |= DANETLS_USAGE_BIT(usage);
  366. return 1;
  367. }
  368. /*
  369. * Return 0 if there is only one version configured and it was disabled
  370. * at configure time. Return 1 otherwise.
  371. */
  372. static int ssl_check_allowed_versions(int min_version, int max_version)
  373. {
  374. int minisdtls = 0, maxisdtls = 0;
  375. /* Figure out if we're doing DTLS versions or TLS versions */
  376. if (min_version == DTLS1_BAD_VER
  377. || min_version >> 8 == DTLS1_VERSION_MAJOR)
  378. minisdtls = 1;
  379. if (max_version == DTLS1_BAD_VER
  380. || max_version >> 8 == DTLS1_VERSION_MAJOR)
  381. maxisdtls = 1;
  382. /* A wildcard version of 0 could be DTLS or TLS. */
  383. if ((minisdtls && !maxisdtls && max_version != 0)
  384. || (maxisdtls && !minisdtls && min_version != 0)) {
  385. /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
  386. return 0;
  387. }
  388. if (minisdtls || maxisdtls) {
  389. /* Do DTLS version checks. */
  390. if (min_version == 0)
  391. /* Ignore DTLS1_BAD_VER */
  392. min_version = DTLS1_VERSION;
  393. if (max_version == 0)
  394. max_version = DTLS1_2_VERSION;
  395. #ifdef OPENSSL_NO_DTLS1_2
  396. if (max_version == DTLS1_2_VERSION)
  397. max_version = DTLS1_VERSION;
  398. #endif
  399. #ifdef OPENSSL_NO_DTLS1
  400. if (min_version == DTLS1_VERSION)
  401. min_version = DTLS1_2_VERSION;
  402. #endif
  403. /* Done massaging versions; do the check. */
  404. if (0
  405. #ifdef OPENSSL_NO_DTLS1
  406. || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
  407. && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
  408. #endif
  409. #ifdef OPENSSL_NO_DTLS1_2
  410. || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
  411. && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
  412. #endif
  413. )
  414. return 0;
  415. } else {
  416. /* Regular TLS version checks. */
  417. if (min_version == 0)
  418. min_version = SSL3_VERSION;
  419. if (max_version == 0)
  420. max_version = TLS1_3_VERSION;
  421. #ifdef OPENSSL_NO_TLS1_3
  422. if (max_version == TLS1_3_VERSION)
  423. max_version = TLS1_2_VERSION;
  424. #endif
  425. #ifdef OPENSSL_NO_TLS1_2
  426. if (max_version == TLS1_2_VERSION)
  427. max_version = TLS1_1_VERSION;
  428. #endif
  429. #ifdef OPENSSL_NO_TLS1_1
  430. if (max_version == TLS1_1_VERSION)
  431. max_version = TLS1_VERSION;
  432. #endif
  433. #ifdef OPENSSL_NO_TLS1
  434. if (max_version == TLS1_VERSION)
  435. max_version = SSL3_VERSION;
  436. #endif
  437. #ifdef OPENSSL_NO_SSL3
  438. if (min_version == SSL3_VERSION)
  439. min_version = TLS1_VERSION;
  440. #endif
  441. #ifdef OPENSSL_NO_TLS1
  442. if (min_version == TLS1_VERSION)
  443. min_version = TLS1_1_VERSION;
  444. #endif
  445. #ifdef OPENSSL_NO_TLS1_1
  446. if (min_version == TLS1_1_VERSION)
  447. min_version = TLS1_2_VERSION;
  448. #endif
  449. #ifdef OPENSSL_NO_TLS1_2
  450. if (min_version == TLS1_2_VERSION)
  451. min_version = TLS1_3_VERSION;
  452. #endif
  453. /* Done massaging versions; do the check. */
  454. if (0
  455. #ifdef OPENSSL_NO_SSL3
  456. || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
  457. #endif
  458. #ifdef OPENSSL_NO_TLS1
  459. || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
  460. #endif
  461. #ifdef OPENSSL_NO_TLS1_1
  462. || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
  463. #endif
  464. #ifdef OPENSSL_NO_TLS1_2
  465. || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
  466. #endif
  467. #ifdef OPENSSL_NO_TLS1_3
  468. || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
  469. #endif
  470. )
  471. return 0;
  472. }
  473. return 1;
  474. }
  475. #if defined(__TANDEM) && defined(OPENSSL_VPROC)
  476. /*
  477. * Define a VPROC function for HP NonStop build ssl library.
  478. * This is used by platform version identification tools.
  479. * Do not inline this procedure or make it static.
  480. */
  481. # define OPENSSL_VPROC_STRING_(x) x##_SSL
  482. # define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x)
  483. # define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC)
  484. void OPENSSL_VPROC_FUNC(void) {}
  485. #endif
  486. static int clear_record_layer(SSL_CONNECTION *s)
  487. {
  488. int ret;
  489. /* We try and reset both record layers even if one fails */
  490. ret = ssl_set_new_record_layer(s,
  491. SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION
  492. : TLS_ANY_VERSION,
  493. OSSL_RECORD_DIRECTION_READ,
  494. OSSL_RECORD_PROTECTION_LEVEL_NONE, NULL, 0,
  495. NULL, 0, NULL, 0, NULL, 0, NULL, 0,
  496. NID_undef, NULL, NULL, NULL);
  497. ret &= ssl_set_new_record_layer(s,
  498. SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION
  499. : TLS_ANY_VERSION,
  500. OSSL_RECORD_DIRECTION_WRITE,
  501. OSSL_RECORD_PROTECTION_LEVEL_NONE, NULL, 0,
  502. NULL, 0, NULL, 0, NULL, 0, NULL, 0,
  503. NID_undef, NULL, NULL, NULL);
  504. /* SSLfatal already called in the event of failure */
  505. return ret;
  506. }
  507. int SSL_clear(SSL *s)
  508. {
  509. if (s->method == NULL) {
  510. ERR_raise(ERR_LIB_SSL, SSL_R_NO_METHOD_SPECIFIED);
  511. return 0;
  512. }
  513. return s->method->ssl_reset(s);
  514. }
  515. int ossl_ssl_connection_reset(SSL *s)
  516. {
  517. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  518. if (sc == NULL)
  519. return 0;
  520. if (ssl_clear_bad_session(sc)) {
  521. SSL_SESSION_free(sc->session);
  522. sc->session = NULL;
  523. }
  524. SSL_SESSION_free(sc->psksession);
  525. sc->psksession = NULL;
  526. OPENSSL_free(sc->psksession_id);
  527. sc->psksession_id = NULL;
  528. sc->psksession_id_len = 0;
  529. sc->hello_retry_request = SSL_HRR_NONE;
  530. sc->sent_tickets = 0;
  531. sc->error = 0;
  532. sc->hit = 0;
  533. sc->shutdown = 0;
  534. if (sc->renegotiate) {
  535. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  536. return 0;
  537. }
  538. ossl_statem_clear(sc);
  539. sc->version = s->method->version;
  540. sc->client_version = sc->version;
  541. sc->rwstate = SSL_NOTHING;
  542. BUF_MEM_free(sc->init_buf);
  543. sc->init_buf = NULL;
  544. sc->first_packet = 0;
  545. sc->key_update = SSL_KEY_UPDATE_NONE;
  546. memset(sc->ext.compress_certificate_from_peer, 0,
  547. sizeof(sc->ext.compress_certificate_from_peer));
  548. sc->ext.compress_certificate_sent = 0;
  549. EVP_MD_CTX_free(sc->pha_dgst);
  550. sc->pha_dgst = NULL;
  551. /* Reset DANE verification result state */
  552. sc->dane.mdpth = -1;
  553. sc->dane.pdpth = -1;
  554. X509_free(sc->dane.mcert);
  555. sc->dane.mcert = NULL;
  556. sc->dane.mtlsa = NULL;
  557. /* Clear the verification result peername */
  558. X509_VERIFY_PARAM_move_peername(sc->param, NULL);
  559. /* Clear any shared connection state */
  560. OPENSSL_free(sc->shared_sigalgs);
  561. sc->shared_sigalgs = NULL;
  562. sc->shared_sigalgslen = 0;
  563. /*
  564. * Check to see if we were changed into a different method, if so, revert
  565. * back.
  566. */
  567. if (s->method != s->defltmeth) {
  568. s->method->ssl_deinit(s);
  569. s->method = s->defltmeth;
  570. if (!s->method->ssl_init(s))
  571. return 0;
  572. } else {
  573. if (!s->method->ssl_clear(s))
  574. return 0;
  575. }
  576. RECORD_LAYER_clear(&sc->rlayer);
  577. BIO_free(sc->rlayer.rrlnext);
  578. sc->rlayer.rrlnext = NULL;
  579. if (!clear_record_layer(sc))
  580. return 0;
  581. return 1;
  582. }
  583. #ifndef OPENSSL_NO_DEPRECATED_3_0
  584. /** Used to change an SSL_CTXs default SSL method type */
  585. int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
  586. {
  587. STACK_OF(SSL_CIPHER) *sk;
  588. if (IS_QUIC_CTX(ctx)) {
  589. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  590. return 0;
  591. }
  592. ctx->method = meth;
  593. if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) {
  594. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  595. return 0;
  596. }
  597. sk = ssl_create_cipher_list(ctx,
  598. ctx->tls13_ciphersuites,
  599. &(ctx->cipher_list),
  600. &(ctx->cipher_list_by_id),
  601. OSSL_default_cipher_list(), ctx->cert);
  602. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
  603. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  604. return 0;
  605. }
  606. return 1;
  607. }
  608. #endif
  609. SSL *SSL_new(SSL_CTX *ctx)
  610. {
  611. if (ctx == NULL) {
  612. ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_CTX);
  613. return NULL;
  614. }
  615. if (ctx->method == NULL) {
  616. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
  617. return NULL;
  618. }
  619. return ctx->method->ssl_new(ctx);
  620. }
  621. int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, const SSL_METHOD *method, int type)
  622. {
  623. ssl->type = type;
  624. ssl->lock = CRYPTO_THREAD_lock_new();
  625. if (ssl->lock == NULL)
  626. return 0;
  627. if (!CRYPTO_NEW_REF(&ssl->references, 1)) {
  628. CRYPTO_THREAD_lock_free(ssl->lock);
  629. return 0;
  630. }
  631. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data)) {
  632. CRYPTO_THREAD_lock_free(ssl->lock);
  633. CRYPTO_FREE_REF(&ssl->references);
  634. ssl->lock = NULL;
  635. return 0;
  636. }
  637. SSL_CTX_up_ref(ctx);
  638. ssl->ctx = ctx;
  639. ssl->defltmeth = ssl->method = method;
  640. return 1;
  641. }
  642. SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method)
  643. {
  644. SSL_CONNECTION *s;
  645. SSL *ssl;
  646. s = OPENSSL_zalloc(sizeof(*s));
  647. if (s == NULL)
  648. return NULL;
  649. ssl = &s->ssl;
  650. if (!ossl_ssl_init(ssl, ctx, method, SSL_TYPE_SSL_CONNECTION)) {
  651. OPENSSL_free(s);
  652. s = NULL;
  653. ssl = NULL;
  654. goto sslerr;
  655. }
  656. RECORD_LAYER_init(&s->rlayer, s);
  657. s->options = ctx->options;
  658. s->dane.flags = ctx->dane.flags;
  659. if (method->version == ctx->method->version) {
  660. s->min_proto_version = ctx->min_proto_version;
  661. s->max_proto_version = ctx->max_proto_version;
  662. }
  663. s->mode = ctx->mode;
  664. s->max_cert_list = ctx->max_cert_list;
  665. s->max_early_data = ctx->max_early_data;
  666. s->recv_max_early_data = ctx->recv_max_early_data;
  667. s->num_tickets = ctx->num_tickets;
  668. s->pha_enabled = ctx->pha_enabled;
  669. /* Shallow copy of the ciphersuites stack */
  670. s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
  671. if (s->tls13_ciphersuites == NULL)
  672. goto cerr;
  673. /*
  674. * Earlier library versions used to copy the pointer to the CERT, not
  675. * its contents; only when setting new parameters for the per-SSL
  676. * copy, ssl_cert_new would be called (and the direct reference to
  677. * the per-SSL_CTX settings would be lost, but those still were
  678. * indirectly accessed for various purposes, and for that reason they
  679. * used to be known as s->ctx->default_cert). Now we don't look at the
  680. * SSL_CTX's CERT after having duplicated it once.
  681. */
  682. s->cert = ssl_cert_dup(ctx->cert);
  683. if (s->cert == NULL)
  684. goto sslerr;
  685. RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
  686. s->msg_callback = ctx->msg_callback;
  687. s->msg_callback_arg = ctx->msg_callback_arg;
  688. s->verify_mode = ctx->verify_mode;
  689. s->not_resumable_session_cb = ctx->not_resumable_session_cb;
  690. s->rlayer.record_padding_cb = ctx->record_padding_cb;
  691. s->rlayer.record_padding_arg = ctx->record_padding_arg;
  692. s->rlayer.block_padding = ctx->block_padding;
  693. s->sid_ctx_length = ctx->sid_ctx_length;
  694. if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
  695. goto err;
  696. memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
  697. s->verify_callback = ctx->default_verify_callback;
  698. s->generate_session_id = ctx->generate_session_id;
  699. s->param = X509_VERIFY_PARAM_new();
  700. if (s->param == NULL)
  701. goto asn1err;
  702. X509_VERIFY_PARAM_inherit(s->param, ctx->param);
  703. s->quiet_shutdown = IS_QUIC_CTX(ctx) ? 0 : ctx->quiet_shutdown;
  704. if (!IS_QUIC_CTX(ctx))
  705. s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
  706. s->max_send_fragment = ctx->max_send_fragment;
  707. s->split_send_fragment = ctx->split_send_fragment;
  708. s->max_pipelines = ctx->max_pipelines;
  709. s->rlayer.default_read_buf_len = ctx->default_read_buf_len;
  710. s->ext.debug_cb = 0;
  711. s->ext.debug_arg = NULL;
  712. s->ext.ticket_expected = 0;
  713. s->ext.status_type = ctx->ext.status_type;
  714. s->ext.status_expected = 0;
  715. s->ext.ocsp.ids = NULL;
  716. s->ext.ocsp.exts = NULL;
  717. s->ext.ocsp.resp = NULL;
  718. s->ext.ocsp.resp_len = 0;
  719. SSL_CTX_up_ref(ctx);
  720. s->session_ctx = ctx;
  721. if (ctx->ext.ecpointformats) {
  722. s->ext.ecpointformats =
  723. OPENSSL_memdup(ctx->ext.ecpointformats,
  724. ctx->ext.ecpointformats_len);
  725. if (!s->ext.ecpointformats) {
  726. s->ext.ecpointformats_len = 0;
  727. goto err;
  728. }
  729. s->ext.ecpointformats_len =
  730. ctx->ext.ecpointformats_len;
  731. }
  732. if (ctx->ext.supportedgroups) {
  733. s->ext.supportedgroups =
  734. OPENSSL_memdup(ctx->ext.supportedgroups,
  735. ctx->ext.supportedgroups_len
  736. * sizeof(*ctx->ext.supportedgroups));
  737. if (!s->ext.supportedgroups) {
  738. s->ext.supportedgroups_len = 0;
  739. goto err;
  740. }
  741. s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
  742. }
  743. #ifndef OPENSSL_NO_NEXTPROTONEG
  744. s->ext.npn = NULL;
  745. #endif
  746. if (ctx->ext.alpn != NULL) {
  747. s->ext.alpn = OPENSSL_malloc(ctx->ext.alpn_len);
  748. if (s->ext.alpn == NULL) {
  749. s->ext.alpn_len = 0;
  750. goto err;
  751. }
  752. memcpy(s->ext.alpn, ctx->ext.alpn, ctx->ext.alpn_len);
  753. s->ext.alpn_len = ctx->ext.alpn_len;
  754. }
  755. s->verified_chain = NULL;
  756. s->verify_result = X509_V_OK;
  757. s->default_passwd_callback = ctx->default_passwd_callback;
  758. s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
  759. s->key_update = SSL_KEY_UPDATE_NONE;
  760. if (!IS_QUIC_CTX(ctx)) {
  761. s->allow_early_data_cb = ctx->allow_early_data_cb;
  762. s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
  763. }
  764. if (!method->ssl_init(ssl))
  765. goto sslerr;
  766. s->server = (method->ssl_accept == ssl_undefined_function) ? 0 : 1;
  767. if (!method->ssl_reset(ssl))
  768. goto sslerr;
  769. #ifndef OPENSSL_NO_PSK
  770. s->psk_client_callback = ctx->psk_client_callback;
  771. s->psk_server_callback = ctx->psk_server_callback;
  772. #endif
  773. s->psk_find_session_cb = ctx->psk_find_session_cb;
  774. s->psk_use_session_cb = ctx->psk_use_session_cb;
  775. s->async_cb = ctx->async_cb;
  776. s->async_cb_arg = ctx->async_cb_arg;
  777. s->job = NULL;
  778. #ifndef OPENSSL_NO_COMP_ALG
  779. memcpy(s->cert_comp_prefs, ctx->cert_comp_prefs, sizeof(s->cert_comp_prefs));
  780. #endif
  781. if (ctx->client_cert_type != NULL) {
  782. s->client_cert_type = OPENSSL_memdup(ctx->client_cert_type,
  783. ctx->client_cert_type_len);
  784. if (s->client_cert_type == NULL)
  785. goto sslerr;
  786. s->client_cert_type_len = ctx->client_cert_type_len;
  787. }
  788. if (ctx->server_cert_type != NULL) {
  789. s->server_cert_type = OPENSSL_memdup(ctx->server_cert_type,
  790. ctx->server_cert_type_len);
  791. if (s->server_cert_type == NULL)
  792. goto sslerr;
  793. s->server_cert_type_len = ctx->server_cert_type_len;
  794. }
  795. #ifndef OPENSSL_NO_CT
  796. if (!SSL_set_ct_validation_callback(ssl, ctx->ct_validation_callback,
  797. ctx->ct_validation_callback_arg))
  798. goto sslerr;
  799. #endif
  800. s->ssl_pkey_num = SSL_PKEY_NUM + ctx->sigalg_list_len;
  801. return ssl;
  802. cerr:
  803. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  804. goto err;
  805. asn1err:
  806. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  807. goto err;
  808. sslerr:
  809. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  810. err:
  811. SSL_free(ssl);
  812. return NULL;
  813. }
  814. SSL *ossl_ssl_connection_new(SSL_CTX *ctx)
  815. {
  816. return ossl_ssl_connection_new_int(ctx, ctx->method);
  817. }
  818. int SSL_is_dtls(const SSL *s)
  819. {
  820. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  821. #ifndef OPENSSL_NO_QUIC
  822. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  823. return 0;
  824. #endif
  825. if (sc == NULL)
  826. return 0;
  827. return SSL_CONNECTION_IS_DTLS(sc) ? 1 : 0;
  828. }
  829. int SSL_is_tls(const SSL *s)
  830. {
  831. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  832. #ifndef OPENSSL_NO_QUIC
  833. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  834. return 0;
  835. #endif
  836. if (sc == NULL)
  837. return 0;
  838. return SSL_CONNECTION_IS_DTLS(sc) ? 0 : 1;
  839. }
  840. int SSL_is_quic(const SSL *s)
  841. {
  842. #ifndef OPENSSL_NO_QUIC
  843. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  844. return 1;
  845. #endif
  846. return 0;
  847. }
  848. int SSL_up_ref(SSL *s)
  849. {
  850. int i;
  851. if (CRYPTO_UP_REF(&s->references, &i) <= 0)
  852. return 0;
  853. REF_PRINT_COUNT("SSL", s);
  854. REF_ASSERT_ISNT(i < 2);
  855. return ((i > 1) ? 1 : 0);
  856. }
  857. int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
  858. unsigned int sid_ctx_len)
  859. {
  860. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  861. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  862. return 0;
  863. }
  864. ctx->sid_ctx_length = sid_ctx_len;
  865. memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
  866. return 1;
  867. }
  868. int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
  869. unsigned int sid_ctx_len)
  870. {
  871. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  872. if (sc == NULL)
  873. return 0;
  874. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  875. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  876. return 0;
  877. }
  878. sc->sid_ctx_length = sid_ctx_len;
  879. memcpy(sc->sid_ctx, sid_ctx, sid_ctx_len);
  880. return 1;
  881. }
  882. int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
  883. {
  884. if (!CRYPTO_THREAD_write_lock(ctx->lock))
  885. return 0;
  886. ctx->generate_session_id = cb;
  887. CRYPTO_THREAD_unlock(ctx->lock);
  888. return 1;
  889. }
  890. int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
  891. {
  892. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  893. if (sc == NULL || !CRYPTO_THREAD_write_lock(ssl->lock))
  894. return 0;
  895. sc->generate_session_id = cb;
  896. CRYPTO_THREAD_unlock(ssl->lock);
  897. return 1;
  898. }
  899. int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
  900. unsigned int id_len)
  901. {
  902. /*
  903. * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
  904. * we can "construct" a session to give us the desired check - i.e. to
  905. * find if there's a session in the hash table that would conflict with
  906. * any new session built out of this id/id_len and the ssl_version in use
  907. * by this SSL.
  908. */
  909. SSL_SESSION r, *p;
  910. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  911. if (sc == NULL || id_len > sizeof(r.session_id))
  912. return 0;
  913. r.ssl_version = sc->version;
  914. r.session_id_length = id_len;
  915. memcpy(r.session_id, id, id_len);
  916. if (!CRYPTO_THREAD_read_lock(sc->session_ctx->lock))
  917. return 0;
  918. p = lh_SSL_SESSION_retrieve(sc->session_ctx->sessions, &r);
  919. CRYPTO_THREAD_unlock(sc->session_ctx->lock);
  920. return (p != NULL);
  921. }
  922. int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
  923. {
  924. return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
  925. }
  926. int SSL_set_purpose(SSL *s, int purpose)
  927. {
  928. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  929. if (sc == NULL)
  930. return 0;
  931. return X509_VERIFY_PARAM_set_purpose(sc->param, purpose);
  932. }
  933. int SSL_CTX_set_trust(SSL_CTX *s, int trust)
  934. {
  935. return X509_VERIFY_PARAM_set_trust(s->param, trust);
  936. }
  937. int SSL_set_trust(SSL *s, int trust)
  938. {
  939. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  940. if (sc == NULL)
  941. return 0;
  942. return X509_VERIFY_PARAM_set_trust(sc->param, trust);
  943. }
  944. int SSL_set1_host(SSL *s, const char *hostname)
  945. {
  946. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  947. if (sc == NULL)
  948. return 0;
  949. /* If a hostname is provided and parses as an IP address,
  950. * treat it as such. */
  951. if (hostname != NULL
  952. && X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname) == 1)
  953. return 1;
  954. return X509_VERIFY_PARAM_set1_host(sc->param, hostname, 0);
  955. }
  956. int SSL_add1_host(SSL *s, const char *hostname)
  957. {
  958. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  959. if (sc == NULL)
  960. return 0;
  961. /* If a hostname is provided and parses as an IP address,
  962. * treat it as such. */
  963. if (hostname)
  964. {
  965. ASN1_OCTET_STRING *ip;
  966. char *old_ip;
  967. ip = a2i_IPADDRESS(hostname);
  968. if (ip) {
  969. /* We didn't want it; only to check if it *is* an IP address */
  970. ASN1_OCTET_STRING_free(ip);
  971. old_ip = X509_VERIFY_PARAM_get1_ip_asc(sc->param);
  972. if (old_ip)
  973. {
  974. OPENSSL_free(old_ip);
  975. /* There can be only one IP address */
  976. return 0;
  977. }
  978. return X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname);
  979. }
  980. }
  981. return X509_VERIFY_PARAM_add1_host(sc->param, hostname, 0);
  982. }
  983. void SSL_set_hostflags(SSL *s, unsigned int flags)
  984. {
  985. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  986. if (sc == NULL)
  987. return;
  988. X509_VERIFY_PARAM_set_hostflags(sc->param, flags);
  989. }
  990. const char *SSL_get0_peername(SSL *s)
  991. {
  992. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  993. if (sc == NULL)
  994. return NULL;
  995. return X509_VERIFY_PARAM_get0_peername(sc->param);
  996. }
  997. int SSL_CTX_dane_enable(SSL_CTX *ctx)
  998. {
  999. return dane_ctx_enable(&ctx->dane);
  1000. }
  1001. unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
  1002. {
  1003. unsigned long orig = ctx->dane.flags;
  1004. ctx->dane.flags |= flags;
  1005. return orig;
  1006. }
  1007. unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
  1008. {
  1009. unsigned long orig = ctx->dane.flags;
  1010. ctx->dane.flags &= ~flags;
  1011. return orig;
  1012. }
  1013. int SSL_dane_enable(SSL *s, const char *basedomain)
  1014. {
  1015. SSL_DANE *dane;
  1016. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1017. if (sc == NULL)
  1018. return 0;
  1019. dane = &sc->dane;
  1020. if (s->ctx->dane.mdmax == 0) {
  1021. ERR_raise(ERR_LIB_SSL, SSL_R_CONTEXT_NOT_DANE_ENABLED);
  1022. return 0;
  1023. }
  1024. if (dane->trecs != NULL) {
  1025. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_ALREADY_ENABLED);
  1026. return 0;
  1027. }
  1028. /*
  1029. * Default SNI name. This rejects empty names, while set1_host below
  1030. * accepts them and disables hostname checks. To avoid side-effects with
  1031. * invalid input, set the SNI name first.
  1032. */
  1033. if (sc->ext.hostname == NULL) {
  1034. if (!SSL_set_tlsext_host_name(s, basedomain)) {
  1035. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  1036. return -1;
  1037. }
  1038. }
  1039. /* Primary RFC6125 reference identifier */
  1040. if (!X509_VERIFY_PARAM_set1_host(sc->param, basedomain, 0)) {
  1041. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  1042. return -1;
  1043. }
  1044. dane->mdpth = -1;
  1045. dane->pdpth = -1;
  1046. dane->dctx = &s->ctx->dane;
  1047. dane->trecs = sk_danetls_record_new_null();
  1048. if (dane->trecs == NULL) {
  1049. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  1050. return -1;
  1051. }
  1052. return 1;
  1053. }
  1054. unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
  1055. {
  1056. unsigned long orig;
  1057. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1058. if (sc == NULL)
  1059. return 0;
  1060. orig = sc->dane.flags;
  1061. sc->dane.flags |= flags;
  1062. return orig;
  1063. }
  1064. unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
  1065. {
  1066. unsigned long orig;
  1067. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1068. if (sc == NULL)
  1069. return 0;
  1070. orig = sc->dane.flags;
  1071. sc->dane.flags &= ~flags;
  1072. return orig;
  1073. }
  1074. int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
  1075. {
  1076. SSL_DANE *dane;
  1077. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1078. if (sc == NULL)
  1079. return -1;
  1080. dane = &sc->dane;
  1081. if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK)
  1082. return -1;
  1083. if (dane->mtlsa) {
  1084. if (mcert)
  1085. *mcert = dane->mcert;
  1086. if (mspki)
  1087. *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
  1088. }
  1089. return dane->mdpth;
  1090. }
  1091. int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
  1092. uint8_t *mtype, const unsigned char **data, size_t *dlen)
  1093. {
  1094. SSL_DANE *dane;
  1095. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1096. if (sc == NULL)
  1097. return -1;
  1098. dane = &sc->dane;
  1099. if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK)
  1100. return -1;
  1101. if (dane->mtlsa) {
  1102. if (usage)
  1103. *usage = dane->mtlsa->usage;
  1104. if (selector)
  1105. *selector = dane->mtlsa->selector;
  1106. if (mtype)
  1107. *mtype = dane->mtlsa->mtype;
  1108. if (data)
  1109. *data = dane->mtlsa->data;
  1110. if (dlen)
  1111. *dlen = dane->mtlsa->dlen;
  1112. }
  1113. return dane->mdpth;
  1114. }
  1115. SSL_DANE *SSL_get0_dane(SSL *s)
  1116. {
  1117. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1118. if (sc == NULL)
  1119. return NULL;
  1120. return &sc->dane;
  1121. }
  1122. int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
  1123. uint8_t mtype, const unsigned char *data, size_t dlen)
  1124. {
  1125. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1126. if (sc == NULL)
  1127. return 0;
  1128. return dane_tlsa_add(&sc->dane, usage, selector, mtype, data, dlen);
  1129. }
  1130. int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
  1131. uint8_t ord)
  1132. {
  1133. return dane_mtype_set(&ctx->dane, md, mtype, ord);
  1134. }
  1135. int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
  1136. {
  1137. return X509_VERIFY_PARAM_set1(ctx->param, vpm);
  1138. }
  1139. int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
  1140. {
  1141. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1142. if (sc == NULL)
  1143. return 0;
  1144. return X509_VERIFY_PARAM_set1(sc->param, vpm);
  1145. }
  1146. X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
  1147. {
  1148. return ctx->param;
  1149. }
  1150. X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
  1151. {
  1152. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1153. if (sc == NULL)
  1154. return NULL;
  1155. return sc->param;
  1156. }
  1157. void SSL_certs_clear(SSL *s)
  1158. {
  1159. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1160. if (sc == NULL)
  1161. return;
  1162. ssl_cert_clear_certs(sc->cert);
  1163. }
  1164. void SSL_free(SSL *s)
  1165. {
  1166. int i;
  1167. if (s == NULL)
  1168. return;
  1169. CRYPTO_DOWN_REF(&s->references, &i);
  1170. REF_PRINT_COUNT("SSL", s);
  1171. if (i > 0)
  1172. return;
  1173. REF_ASSERT_ISNT(i < 0);
  1174. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
  1175. if (s->method != NULL)
  1176. s->method->ssl_free(s);
  1177. SSL_CTX_free(s->ctx);
  1178. CRYPTO_THREAD_lock_free(s->lock);
  1179. CRYPTO_FREE_REF(&s->references);
  1180. OPENSSL_free(s);
  1181. }
  1182. void ossl_ssl_connection_free(SSL *ssl)
  1183. {
  1184. SSL_CONNECTION *s;
  1185. s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  1186. if (s == NULL)
  1187. return;
  1188. X509_VERIFY_PARAM_free(s->param);
  1189. dane_final(&s->dane);
  1190. /* Ignore return value */
  1191. ssl_free_wbio_buffer(s);
  1192. RECORD_LAYER_clear(&s->rlayer);
  1193. BUF_MEM_free(s->init_buf);
  1194. /* add extra stuff */
  1195. sk_SSL_CIPHER_free(s->cipher_list);
  1196. sk_SSL_CIPHER_free(s->cipher_list_by_id);
  1197. sk_SSL_CIPHER_free(s->tls13_ciphersuites);
  1198. sk_SSL_CIPHER_free(s->peer_ciphers);
  1199. /* Make the next call work :-) */
  1200. if (s->session != NULL) {
  1201. ssl_clear_bad_session(s);
  1202. SSL_SESSION_free(s->session);
  1203. }
  1204. SSL_SESSION_free(s->psksession);
  1205. OPENSSL_free(s->psksession_id);
  1206. ssl_cert_free(s->cert);
  1207. OPENSSL_free(s->shared_sigalgs);
  1208. /* Free up if allocated */
  1209. OPENSSL_free(s->ext.hostname);
  1210. SSL_CTX_free(s->session_ctx);
  1211. OPENSSL_free(s->ext.ecpointformats);
  1212. OPENSSL_free(s->ext.peer_ecpointformats);
  1213. OPENSSL_free(s->ext.supportedgroups);
  1214. OPENSSL_free(s->ext.peer_supportedgroups);
  1215. sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
  1216. #ifndef OPENSSL_NO_OCSP
  1217. sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
  1218. #endif
  1219. #ifndef OPENSSL_NO_CT
  1220. SCT_LIST_free(s->scts);
  1221. OPENSSL_free(s->ext.scts);
  1222. #endif
  1223. OPENSSL_free(s->ext.ocsp.resp);
  1224. OPENSSL_free(s->ext.alpn);
  1225. OPENSSL_free(s->ext.tls13_cookie);
  1226. if (s->clienthello != NULL)
  1227. OPENSSL_free(s->clienthello->pre_proc_exts);
  1228. OPENSSL_free(s->clienthello);
  1229. OPENSSL_free(s->pha_context);
  1230. EVP_MD_CTX_free(s->pha_dgst);
  1231. sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
  1232. sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
  1233. OPENSSL_free(s->client_cert_type);
  1234. OPENSSL_free(s->server_cert_type);
  1235. OSSL_STACK_OF_X509_free(s->verified_chain);
  1236. if (ssl->method != NULL)
  1237. ssl->method->ssl_deinit(ssl);
  1238. ASYNC_WAIT_CTX_free(s->waitctx);
  1239. #if !defined(OPENSSL_NO_NEXTPROTONEG)
  1240. OPENSSL_free(s->ext.npn);
  1241. #endif
  1242. #ifndef OPENSSL_NO_SRTP
  1243. sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
  1244. #endif
  1245. /*
  1246. * We do this late. We want to ensure that any other references we held to
  1247. * these BIOs are freed first *before* we call BIO_free_all(), because
  1248. * BIO_free_all() will only free each BIO in the chain if the number of
  1249. * references to the first BIO have dropped to 0
  1250. */
  1251. BIO_free_all(s->wbio);
  1252. s->wbio = NULL;
  1253. BIO_free_all(s->rbio);
  1254. s->rbio = NULL;
  1255. OPENSSL_free(s->s3.tmp.valid_flags);
  1256. }
  1257. void SSL_set0_rbio(SSL *s, BIO *rbio)
  1258. {
  1259. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1260. #ifndef OPENSSL_NO_QUIC
  1261. if (IS_QUIC(s)) {
  1262. ossl_quic_conn_set0_net_rbio(s, rbio);
  1263. return;
  1264. }
  1265. #endif
  1266. if (sc == NULL)
  1267. return;
  1268. BIO_free_all(sc->rbio);
  1269. sc->rbio = rbio;
  1270. sc->rlayer.rrlmethod->set1_bio(sc->rlayer.rrl, sc->rbio);
  1271. }
  1272. void SSL_set0_wbio(SSL *s, BIO *wbio)
  1273. {
  1274. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1275. #ifndef OPENSSL_NO_QUIC
  1276. if (IS_QUIC(s)) {
  1277. ossl_quic_conn_set0_net_wbio(s, wbio);
  1278. return;
  1279. }
  1280. #endif
  1281. if (sc == NULL)
  1282. return;
  1283. /*
  1284. * If the output buffering BIO is still in place, remove it
  1285. */
  1286. if (sc->bbio != NULL)
  1287. sc->wbio = BIO_pop(sc->wbio);
  1288. BIO_free_all(sc->wbio);
  1289. sc->wbio = wbio;
  1290. /* Re-attach |bbio| to the new |wbio|. */
  1291. if (sc->bbio != NULL)
  1292. sc->wbio = BIO_push(sc->bbio, sc->wbio);
  1293. sc->rlayer.wrlmethod->set1_bio(sc->rlayer.wrl, sc->wbio);
  1294. }
  1295. void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
  1296. {
  1297. /*
  1298. * For historical reasons, this function has many different cases in
  1299. * ownership handling.
  1300. */
  1301. /* If nothing has changed, do nothing */
  1302. if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
  1303. return;
  1304. /*
  1305. * If the two arguments are equal then one fewer reference is granted by the
  1306. * caller than we want to take
  1307. */
  1308. if (rbio != NULL && rbio == wbio)
  1309. BIO_up_ref(rbio);
  1310. /*
  1311. * If only the wbio is changed only adopt one reference.
  1312. */
  1313. if (rbio == SSL_get_rbio(s)) {
  1314. SSL_set0_wbio(s, wbio);
  1315. return;
  1316. }
  1317. /*
  1318. * There is an asymmetry here for historical reasons. If only the rbio is
  1319. * changed AND the rbio and wbio were originally different, then we only
  1320. * adopt one reference.
  1321. */
  1322. if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
  1323. SSL_set0_rbio(s, rbio);
  1324. return;
  1325. }
  1326. /* Otherwise, adopt both references. */
  1327. SSL_set0_rbio(s, rbio);
  1328. SSL_set0_wbio(s, wbio);
  1329. }
  1330. BIO *SSL_get_rbio(const SSL *s)
  1331. {
  1332. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1333. #ifndef OPENSSL_NO_QUIC
  1334. if (IS_QUIC(s))
  1335. return ossl_quic_conn_get_net_rbio(s);
  1336. #endif
  1337. if (sc == NULL)
  1338. return NULL;
  1339. return sc->rbio;
  1340. }
  1341. BIO *SSL_get_wbio(const SSL *s)
  1342. {
  1343. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1344. #ifndef OPENSSL_NO_QUIC
  1345. if (IS_QUIC(s))
  1346. return ossl_quic_conn_get_net_wbio(s);
  1347. #endif
  1348. if (sc == NULL)
  1349. return NULL;
  1350. if (sc->bbio != NULL) {
  1351. /*
  1352. * If |bbio| is active, the true caller-configured BIO is its
  1353. * |next_bio|.
  1354. */
  1355. return BIO_next(sc->bbio);
  1356. }
  1357. return sc->wbio;
  1358. }
  1359. int SSL_get_fd(const SSL *s)
  1360. {
  1361. return SSL_get_rfd(s);
  1362. }
  1363. int SSL_get_rfd(const SSL *s)
  1364. {
  1365. int ret = -1;
  1366. BIO *b, *r;
  1367. b = SSL_get_rbio(s);
  1368. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1369. if (r != NULL)
  1370. BIO_get_fd(r, &ret);
  1371. return ret;
  1372. }
  1373. int SSL_get_wfd(const SSL *s)
  1374. {
  1375. int ret = -1;
  1376. BIO *b, *r;
  1377. b = SSL_get_wbio(s);
  1378. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1379. if (r != NULL)
  1380. BIO_get_fd(r, &ret);
  1381. return ret;
  1382. }
  1383. #ifndef OPENSSL_NO_SOCK
  1384. static const BIO_METHOD *fd_method(SSL *s)
  1385. {
  1386. #ifndef OPENSSL_NO_DGRAM
  1387. if (IS_QUIC(s))
  1388. return BIO_s_datagram();
  1389. #endif
  1390. return BIO_s_socket();
  1391. }
  1392. int SSL_set_fd(SSL *s, int fd)
  1393. {
  1394. int ret = 0;
  1395. BIO *bio = NULL;
  1396. if (s->type == SSL_TYPE_QUIC_XSO) {
  1397. ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
  1398. goto err;
  1399. }
  1400. bio = BIO_new(fd_method(s));
  1401. if (bio == NULL) {
  1402. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1403. goto err;
  1404. }
  1405. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1406. SSL_set_bio(s, bio, bio);
  1407. #ifndef OPENSSL_NO_KTLS
  1408. /*
  1409. * The new socket is created successfully regardless of ktls_enable.
  1410. * ktls_enable doesn't change any functionality of the socket, except
  1411. * changing the setsockopt to enable the processing of ktls_start.
  1412. * Thus, it is not a problem to call it for non-TLS sockets.
  1413. */
  1414. ktls_enable(fd);
  1415. #endif /* OPENSSL_NO_KTLS */
  1416. ret = 1;
  1417. err:
  1418. return ret;
  1419. }
  1420. int SSL_set_wfd(SSL *s, int fd)
  1421. {
  1422. BIO *rbio = SSL_get_rbio(s);
  1423. int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
  1424. if (s->type == SSL_TYPE_QUIC_XSO) {
  1425. ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
  1426. return 0;
  1427. }
  1428. if (rbio == NULL || BIO_method_type(rbio) != desired_type
  1429. || (int)BIO_get_fd(rbio, NULL) != fd) {
  1430. BIO *bio = BIO_new(fd_method(s));
  1431. if (bio == NULL) {
  1432. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1433. return 0;
  1434. }
  1435. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1436. SSL_set0_wbio(s, bio);
  1437. #ifndef OPENSSL_NO_KTLS
  1438. /*
  1439. * The new socket is created successfully regardless of ktls_enable.
  1440. * ktls_enable doesn't change any functionality of the socket, except
  1441. * changing the setsockopt to enable the processing of ktls_start.
  1442. * Thus, it is not a problem to call it for non-TLS sockets.
  1443. */
  1444. ktls_enable(fd);
  1445. #endif /* OPENSSL_NO_KTLS */
  1446. } else {
  1447. BIO_up_ref(rbio);
  1448. SSL_set0_wbio(s, rbio);
  1449. }
  1450. return 1;
  1451. }
  1452. int SSL_set_rfd(SSL *s, int fd)
  1453. {
  1454. BIO *wbio = SSL_get_wbio(s);
  1455. int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
  1456. if (s->type == SSL_TYPE_QUIC_XSO) {
  1457. ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
  1458. return 0;
  1459. }
  1460. if (wbio == NULL || BIO_method_type(wbio) != desired_type
  1461. || ((int)BIO_get_fd(wbio, NULL) != fd)) {
  1462. BIO *bio = BIO_new(fd_method(s));
  1463. if (bio == NULL) {
  1464. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1465. return 0;
  1466. }
  1467. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1468. SSL_set0_rbio(s, bio);
  1469. } else {
  1470. BIO_up_ref(wbio);
  1471. SSL_set0_rbio(s, wbio);
  1472. }
  1473. return 1;
  1474. }
  1475. #endif
  1476. /* return length of latest Finished message we sent, copy to 'buf' */
  1477. size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
  1478. {
  1479. size_t ret = 0;
  1480. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1481. if (sc == NULL)
  1482. return 0;
  1483. ret = sc->s3.tmp.finish_md_len;
  1484. if (count > ret)
  1485. count = ret;
  1486. memcpy(buf, sc->s3.tmp.finish_md, count);
  1487. return ret;
  1488. }
  1489. /* return length of latest Finished message we expected, copy to 'buf' */
  1490. size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
  1491. {
  1492. size_t ret = 0;
  1493. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1494. if (sc == NULL)
  1495. return 0;
  1496. ret = sc->s3.tmp.peer_finish_md_len;
  1497. if (count > ret)
  1498. count = ret;
  1499. memcpy(buf, sc->s3.tmp.peer_finish_md, count);
  1500. return ret;
  1501. }
  1502. int SSL_get_verify_mode(const SSL *s)
  1503. {
  1504. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1505. if (sc == NULL)
  1506. return 0;
  1507. return sc->verify_mode;
  1508. }
  1509. int SSL_get_verify_depth(const SSL *s)
  1510. {
  1511. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1512. if (sc == NULL)
  1513. return 0;
  1514. return X509_VERIFY_PARAM_get_depth(sc->param);
  1515. }
  1516. int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
  1517. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1518. if (sc == NULL)
  1519. return NULL;
  1520. return sc->verify_callback;
  1521. }
  1522. int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
  1523. {
  1524. return ctx->verify_mode;
  1525. }
  1526. int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
  1527. {
  1528. return X509_VERIFY_PARAM_get_depth(ctx->param);
  1529. }
  1530. int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
  1531. return ctx->default_verify_callback;
  1532. }
  1533. void SSL_set_verify(SSL *s, int mode,
  1534. int (*callback) (int ok, X509_STORE_CTX *ctx))
  1535. {
  1536. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1537. if (sc == NULL)
  1538. return;
  1539. sc->verify_mode = mode;
  1540. if (callback != NULL)
  1541. sc->verify_callback = callback;
  1542. }
  1543. void SSL_set_verify_depth(SSL *s, int depth)
  1544. {
  1545. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1546. if (sc == NULL)
  1547. return;
  1548. X509_VERIFY_PARAM_set_depth(sc->param, depth);
  1549. }
  1550. void SSL_set_read_ahead(SSL *s, int yes)
  1551. {
  1552. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  1553. OSSL_PARAM options[2], *opts = options;
  1554. if (sc == NULL)
  1555. return;
  1556. RECORD_LAYER_set_read_ahead(&sc->rlayer, yes);
  1557. *opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD,
  1558. &sc->rlayer.read_ahead);
  1559. *opts = OSSL_PARAM_construct_end();
  1560. /* Ignore return value */
  1561. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  1562. }
  1563. int SSL_get_read_ahead(const SSL *s)
  1564. {
  1565. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  1566. if (sc == NULL)
  1567. return 0;
  1568. return RECORD_LAYER_get_read_ahead(&sc->rlayer);
  1569. }
  1570. int SSL_pending(const SSL *s)
  1571. {
  1572. size_t pending = s->method->ssl_pending(s);
  1573. /*
  1574. * SSL_pending cannot work properly if read-ahead is enabled
  1575. * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
  1576. * impossible to fix since SSL_pending cannot report errors that may be
  1577. * observed while scanning the new data. (Note that SSL_pending() is
  1578. * often used as a boolean value, so we'd better not return -1.)
  1579. *
  1580. * SSL_pending also cannot work properly if the value >INT_MAX. In that case
  1581. * we just return INT_MAX.
  1582. */
  1583. return pending < INT_MAX ? (int)pending : INT_MAX;
  1584. }
  1585. int SSL_has_pending(const SSL *s)
  1586. {
  1587. /*
  1588. * Similar to SSL_pending() but returns a 1 to indicate that we have
  1589. * processed or unprocessed data available or 0 otherwise (as opposed to the
  1590. * number of bytes available). Unlike SSL_pending() this will take into
  1591. * account read_ahead data. A 1 return simply indicates that we have data.
  1592. * That data may not result in any application data, or we may fail to parse
  1593. * the records for some reason.
  1594. */
  1595. const SSL_CONNECTION *sc;
  1596. #ifndef OPENSSL_NO_QUIC
  1597. if (IS_QUIC(s))
  1598. return ossl_quic_has_pending(s);
  1599. #endif
  1600. sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1601. /* Check buffered app data if any first */
  1602. if (SSL_CONNECTION_IS_DTLS(sc)) {
  1603. TLS_RECORD *rdata;
  1604. pitem *item, *iter;
  1605. iter = pqueue_iterator(sc->rlayer.d->buffered_app_data.q);
  1606. while ((item = pqueue_next(&iter)) != NULL) {
  1607. rdata = item->data;
  1608. if (rdata->length > 0)
  1609. return 1;
  1610. }
  1611. }
  1612. if (RECORD_LAYER_processed_read_pending(&sc->rlayer))
  1613. return 1;
  1614. return RECORD_LAYER_read_pending(&sc->rlayer);
  1615. }
  1616. X509 *SSL_get1_peer_certificate(const SSL *s)
  1617. {
  1618. X509 *r = SSL_get0_peer_certificate(s);
  1619. if (r != NULL)
  1620. X509_up_ref(r);
  1621. return r;
  1622. }
  1623. X509 *SSL_get0_peer_certificate(const SSL *s)
  1624. {
  1625. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1626. if (sc == NULL)
  1627. return NULL;
  1628. if (sc->session == NULL)
  1629. return NULL;
  1630. else
  1631. return sc->session->peer;
  1632. }
  1633. STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
  1634. {
  1635. STACK_OF(X509) *r;
  1636. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1637. if (sc == NULL)
  1638. return NULL;
  1639. if (sc->session == NULL)
  1640. r = NULL;
  1641. else
  1642. r = sc->session->peer_chain;
  1643. /*
  1644. * If we are a client, cert_chain includes the peer's own certificate; if
  1645. * we are a server, it does not.
  1646. */
  1647. return r;
  1648. }
  1649. /*
  1650. * Now in theory, since the calling process own 't' it should be safe to
  1651. * modify. We need to be able to read f without being hassled
  1652. */
  1653. int SSL_copy_session_id(SSL *t, const SSL *f)
  1654. {
  1655. int i;
  1656. /* TODO(QUIC FUTURE): Not allowed for QUIC currently. */
  1657. SSL_CONNECTION *tsc = SSL_CONNECTION_FROM_SSL_ONLY(t);
  1658. const SSL_CONNECTION *fsc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(f);
  1659. if (tsc == NULL || fsc == NULL)
  1660. return 0;
  1661. /* Do we need to do SSL locking? */
  1662. if (!SSL_set_session(t, SSL_get_session(f))) {
  1663. return 0;
  1664. }
  1665. /*
  1666. * what if we are setup for one protocol version but want to talk another
  1667. */
  1668. if (t->method != f->method) {
  1669. t->method->ssl_deinit(t);
  1670. t->method = f->method;
  1671. if (t->method->ssl_init(t) == 0)
  1672. return 0;
  1673. }
  1674. CRYPTO_UP_REF(&fsc->cert->references, &i);
  1675. ssl_cert_free(tsc->cert);
  1676. tsc->cert = fsc->cert;
  1677. if (!SSL_set_session_id_context(t, fsc->sid_ctx, (int)fsc->sid_ctx_length)) {
  1678. return 0;
  1679. }
  1680. return 1;
  1681. }
  1682. /* Fix this so it checks all the valid key/cert options */
  1683. int SSL_CTX_check_private_key(const SSL_CTX *ctx)
  1684. {
  1685. if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
  1686. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1687. return 0;
  1688. }
  1689. if (ctx->cert->key->privatekey == NULL) {
  1690. ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1691. return 0;
  1692. }
  1693. return X509_check_private_key
  1694. (ctx->cert->key->x509, ctx->cert->key->privatekey);
  1695. }
  1696. /* Fix this function so that it takes an optional type parameter */
  1697. int SSL_check_private_key(const SSL *ssl)
  1698. {
  1699. const SSL_CONNECTION *sc;
  1700. if ((sc = SSL_CONNECTION_FROM_CONST_SSL(ssl)) == NULL) {
  1701. ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  1702. return 0;
  1703. }
  1704. if (sc->cert->key->x509 == NULL) {
  1705. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1706. return 0;
  1707. }
  1708. if (sc->cert->key->privatekey == NULL) {
  1709. ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1710. return 0;
  1711. }
  1712. return X509_check_private_key(sc->cert->key->x509,
  1713. sc->cert->key->privatekey);
  1714. }
  1715. int SSL_waiting_for_async(SSL *s)
  1716. {
  1717. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1718. if (sc == NULL)
  1719. return 0;
  1720. if (sc->job)
  1721. return 1;
  1722. return 0;
  1723. }
  1724. int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
  1725. {
  1726. ASYNC_WAIT_CTX *ctx;
  1727. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1728. if (sc == NULL)
  1729. return 0;
  1730. if ((ctx = sc->waitctx) == NULL)
  1731. return 0;
  1732. return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
  1733. }
  1734. int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
  1735. OSSL_ASYNC_FD *delfd, size_t *numdelfds)
  1736. {
  1737. ASYNC_WAIT_CTX *ctx;
  1738. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1739. if (sc == NULL)
  1740. return 0;
  1741. if ((ctx = sc->waitctx) == NULL)
  1742. return 0;
  1743. return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
  1744. numdelfds);
  1745. }
  1746. int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback)
  1747. {
  1748. ctx->async_cb = callback;
  1749. return 1;
  1750. }
  1751. int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg)
  1752. {
  1753. ctx->async_cb_arg = arg;
  1754. return 1;
  1755. }
  1756. int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback)
  1757. {
  1758. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1759. if (sc == NULL)
  1760. return 0;
  1761. sc->async_cb = callback;
  1762. return 1;
  1763. }
  1764. int SSL_set_async_callback_arg(SSL *s, void *arg)
  1765. {
  1766. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1767. if (sc == NULL)
  1768. return 0;
  1769. sc->async_cb_arg = arg;
  1770. return 1;
  1771. }
  1772. int SSL_get_async_status(SSL *s, int *status)
  1773. {
  1774. ASYNC_WAIT_CTX *ctx;
  1775. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1776. if (sc == NULL)
  1777. return 0;
  1778. if ((ctx = sc->waitctx) == NULL)
  1779. return 0;
  1780. *status = ASYNC_WAIT_CTX_get_status(ctx);
  1781. return 1;
  1782. }
  1783. int SSL_accept(SSL *s)
  1784. {
  1785. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1786. #ifndef OPENSSL_NO_QUIC
  1787. if (IS_QUIC(s))
  1788. return s->method->ssl_accept(s);
  1789. #endif
  1790. if (sc == NULL)
  1791. return 0;
  1792. if (sc->handshake_func == NULL) {
  1793. /* Not properly initialized yet */
  1794. SSL_set_accept_state(s);
  1795. }
  1796. return SSL_do_handshake(s);
  1797. }
  1798. int SSL_connect(SSL *s)
  1799. {
  1800. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1801. #ifndef OPENSSL_NO_QUIC
  1802. if (IS_QUIC(s))
  1803. return s->method->ssl_connect(s);
  1804. #endif
  1805. if (sc == NULL)
  1806. return 0;
  1807. if (sc->handshake_func == NULL) {
  1808. /* Not properly initialized yet */
  1809. SSL_set_connect_state(s);
  1810. }
  1811. return SSL_do_handshake(s);
  1812. }
  1813. long SSL_get_default_timeout(const SSL *s)
  1814. {
  1815. return (long int)ossl_time2seconds(s->method->get_timeout());
  1816. }
  1817. static int ssl_async_wait_ctx_cb(void *arg)
  1818. {
  1819. SSL *s = (SSL *)arg;
  1820. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1821. if (sc == NULL)
  1822. return 0;
  1823. return sc->async_cb(s, sc->async_cb_arg);
  1824. }
  1825. static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
  1826. int (*func) (void *))
  1827. {
  1828. int ret;
  1829. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1830. if (sc == NULL)
  1831. return 0;
  1832. if (sc->waitctx == NULL) {
  1833. sc->waitctx = ASYNC_WAIT_CTX_new();
  1834. if (sc->waitctx == NULL)
  1835. return -1;
  1836. if (sc->async_cb != NULL
  1837. && !ASYNC_WAIT_CTX_set_callback
  1838. (sc->waitctx, ssl_async_wait_ctx_cb, s))
  1839. return -1;
  1840. }
  1841. sc->rwstate = SSL_NOTHING;
  1842. switch (ASYNC_start_job(&sc->job, sc->waitctx, &ret, func, args,
  1843. sizeof(struct ssl_async_args))) {
  1844. case ASYNC_ERR:
  1845. sc->rwstate = SSL_NOTHING;
  1846. ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC);
  1847. return -1;
  1848. case ASYNC_PAUSE:
  1849. sc->rwstate = SSL_ASYNC_PAUSED;
  1850. return -1;
  1851. case ASYNC_NO_JOBS:
  1852. sc->rwstate = SSL_ASYNC_NO_JOBS;
  1853. return -1;
  1854. case ASYNC_FINISH:
  1855. sc->job = NULL;
  1856. return ret;
  1857. default:
  1858. sc->rwstate = SSL_NOTHING;
  1859. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  1860. /* Shouldn't happen */
  1861. return -1;
  1862. }
  1863. }
  1864. static int ssl_io_intern(void *vargs)
  1865. {
  1866. struct ssl_async_args *args;
  1867. SSL *s;
  1868. void *buf;
  1869. size_t num;
  1870. SSL_CONNECTION *sc;
  1871. args = (struct ssl_async_args *)vargs;
  1872. s = args->s;
  1873. buf = args->buf;
  1874. num = args->num;
  1875. if ((sc = SSL_CONNECTION_FROM_SSL(s)) == NULL)
  1876. return -1;
  1877. switch (args->type) {
  1878. case READFUNC:
  1879. return args->f.func_read(s, buf, num, &sc->asyncrw);
  1880. case WRITEFUNC:
  1881. return args->f.func_write(s, buf, num, &sc->asyncrw);
  1882. case OTHERFUNC:
  1883. return args->f.func_other(s);
  1884. }
  1885. return -1;
  1886. }
  1887. int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  1888. {
  1889. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1890. #ifndef OPENSSL_NO_QUIC
  1891. if (IS_QUIC(s))
  1892. return s->method->ssl_read(s, buf, num, readbytes);
  1893. #endif
  1894. if (sc == NULL)
  1895. return -1;
  1896. if (sc->handshake_func == NULL) {
  1897. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  1898. return -1;
  1899. }
  1900. if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
  1901. sc->rwstate = SSL_NOTHING;
  1902. return 0;
  1903. }
  1904. if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  1905. || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
  1906. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1907. return 0;
  1908. }
  1909. /*
  1910. * If we are a client and haven't received the ServerHello etc then we
  1911. * better do that
  1912. */
  1913. ossl_statem_check_finish_init(sc, 0);
  1914. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1915. struct ssl_async_args args;
  1916. int ret;
  1917. args.s = s;
  1918. args.buf = buf;
  1919. args.num = num;
  1920. args.type = READFUNC;
  1921. args.f.func_read = s->method->ssl_read;
  1922. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1923. *readbytes = sc->asyncrw;
  1924. return ret;
  1925. } else {
  1926. return s->method->ssl_read(s, buf, num, readbytes);
  1927. }
  1928. }
  1929. int SSL_read(SSL *s, void *buf, int num)
  1930. {
  1931. int ret;
  1932. size_t readbytes;
  1933. if (num < 0) {
  1934. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  1935. return -1;
  1936. }
  1937. ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
  1938. /*
  1939. * The cast is safe here because ret should be <= INT_MAX because num is
  1940. * <= INT_MAX
  1941. */
  1942. if (ret > 0)
  1943. ret = (int)readbytes;
  1944. return ret;
  1945. }
  1946. int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  1947. {
  1948. int ret = ssl_read_internal(s, buf, num, readbytes);
  1949. if (ret < 0)
  1950. ret = 0;
  1951. return ret;
  1952. }
  1953. int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
  1954. {
  1955. int ret;
  1956. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  1957. /* TODO(QUIC 0RTT): 0-RTT support */
  1958. if (sc == NULL || !sc->server) {
  1959. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1960. return SSL_READ_EARLY_DATA_ERROR;
  1961. }
  1962. switch (sc->early_data_state) {
  1963. case SSL_EARLY_DATA_NONE:
  1964. if (!SSL_in_before(s)) {
  1965. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1966. return SSL_READ_EARLY_DATA_ERROR;
  1967. }
  1968. /* fall through */
  1969. case SSL_EARLY_DATA_ACCEPT_RETRY:
  1970. sc->early_data_state = SSL_EARLY_DATA_ACCEPTING;
  1971. ret = SSL_accept(s);
  1972. if (ret <= 0) {
  1973. /* NBIO or error */
  1974. sc->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
  1975. return SSL_READ_EARLY_DATA_ERROR;
  1976. }
  1977. /* fall through */
  1978. case SSL_EARLY_DATA_READ_RETRY:
  1979. if (sc->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
  1980. sc->early_data_state = SSL_EARLY_DATA_READING;
  1981. ret = SSL_read_ex(s, buf, num, readbytes);
  1982. /*
  1983. * State machine will update early_data_state to
  1984. * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
  1985. * message
  1986. */
  1987. if (ret > 0 || (ret <= 0 && sc->early_data_state
  1988. != SSL_EARLY_DATA_FINISHED_READING)) {
  1989. sc->early_data_state = SSL_EARLY_DATA_READ_RETRY;
  1990. return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
  1991. : SSL_READ_EARLY_DATA_ERROR;
  1992. }
  1993. } else {
  1994. sc->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
  1995. }
  1996. *readbytes = 0;
  1997. return SSL_READ_EARLY_DATA_FINISH;
  1998. default:
  1999. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2000. return SSL_READ_EARLY_DATA_ERROR;
  2001. }
  2002. }
  2003. int SSL_get_early_data_status(const SSL *s)
  2004. {
  2005. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  2006. /* TODO(QUIC 0RTT): 0-RTT support */
  2007. if (sc == NULL)
  2008. return 0;
  2009. return sc->ext.early_data;
  2010. }
  2011. static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  2012. {
  2013. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2014. #ifndef OPENSSL_NO_QUIC
  2015. if (IS_QUIC(s))
  2016. return s->method->ssl_peek(s, buf, num, readbytes);
  2017. #endif
  2018. if (sc == NULL)
  2019. return 0;
  2020. if (sc->handshake_func == NULL) {
  2021. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2022. return -1;
  2023. }
  2024. if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
  2025. return 0;
  2026. }
  2027. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  2028. struct ssl_async_args args;
  2029. int ret;
  2030. args.s = s;
  2031. args.buf = buf;
  2032. args.num = num;
  2033. args.type = READFUNC;
  2034. args.f.func_read = s->method->ssl_peek;
  2035. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  2036. *readbytes = sc->asyncrw;
  2037. return ret;
  2038. } else {
  2039. return s->method->ssl_peek(s, buf, num, readbytes);
  2040. }
  2041. }
  2042. int SSL_peek(SSL *s, void *buf, int num)
  2043. {
  2044. int ret;
  2045. size_t readbytes;
  2046. if (num < 0) {
  2047. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  2048. return -1;
  2049. }
  2050. ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
  2051. /*
  2052. * The cast is safe here because ret should be <= INT_MAX because num is
  2053. * <= INT_MAX
  2054. */
  2055. if (ret > 0)
  2056. ret = (int)readbytes;
  2057. return ret;
  2058. }
  2059. int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  2060. {
  2061. int ret = ssl_peek_internal(s, buf, num, readbytes);
  2062. if (ret < 0)
  2063. ret = 0;
  2064. return ret;
  2065. }
  2066. int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
  2067. {
  2068. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2069. #ifndef OPENSSL_NO_QUIC
  2070. if (IS_QUIC(s))
  2071. return s->method->ssl_write(s, buf, num, written);
  2072. #endif
  2073. if (sc == NULL)
  2074. return 0;
  2075. if (sc->handshake_func == NULL) {
  2076. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2077. return -1;
  2078. }
  2079. if (sc->shutdown & SSL_SENT_SHUTDOWN) {
  2080. sc->rwstate = SSL_NOTHING;
  2081. ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
  2082. return -1;
  2083. }
  2084. if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  2085. || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
  2086. || sc->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
  2087. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2088. return 0;
  2089. }
  2090. /* If we are a client and haven't sent the Finished we better do that */
  2091. ossl_statem_check_finish_init(sc, 1);
  2092. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  2093. int ret;
  2094. struct ssl_async_args args;
  2095. args.s = s;
  2096. args.buf = (void *)buf;
  2097. args.num = num;
  2098. args.type = WRITEFUNC;
  2099. args.f.func_write = s->method->ssl_write;
  2100. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  2101. *written = sc->asyncrw;
  2102. return ret;
  2103. } else {
  2104. return s->method->ssl_write(s, buf, num, written);
  2105. }
  2106. }
  2107. ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags)
  2108. {
  2109. ossl_ssize_t ret;
  2110. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2111. if (sc == NULL)
  2112. return 0;
  2113. if (sc->handshake_func == NULL) {
  2114. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2115. return -1;
  2116. }
  2117. if (sc->shutdown & SSL_SENT_SHUTDOWN) {
  2118. sc->rwstate = SSL_NOTHING;
  2119. ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
  2120. return -1;
  2121. }
  2122. if (!BIO_get_ktls_send(sc->wbio)) {
  2123. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2124. return -1;
  2125. }
  2126. /* If we have an alert to send, lets send it */
  2127. if (sc->s3.alert_dispatch > 0) {
  2128. ret = (ossl_ssize_t)s->method->ssl_dispatch_alert(s);
  2129. if (ret <= 0) {
  2130. /* SSLfatal() already called if appropriate */
  2131. return ret;
  2132. }
  2133. /* if it went, fall through and send more stuff */
  2134. }
  2135. sc->rwstate = SSL_WRITING;
  2136. if (BIO_flush(sc->wbio) <= 0) {
  2137. if (!BIO_should_retry(sc->wbio)) {
  2138. sc->rwstate = SSL_NOTHING;
  2139. } else {
  2140. #ifdef EAGAIN
  2141. set_sys_error(EAGAIN);
  2142. #endif
  2143. }
  2144. return -1;
  2145. }
  2146. #ifdef OPENSSL_NO_KTLS
  2147. ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR,
  2148. "can't call ktls_sendfile(), ktls disabled");
  2149. return -1;
  2150. #else
  2151. ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags);
  2152. if (ret < 0) {
  2153. #if defined(EAGAIN) && defined(EINTR) && defined(EBUSY)
  2154. if ((get_last_sys_error() == EAGAIN) ||
  2155. (get_last_sys_error() == EINTR) ||
  2156. (get_last_sys_error() == EBUSY))
  2157. BIO_set_retry_write(sc->wbio);
  2158. else
  2159. #endif
  2160. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2161. return ret;
  2162. }
  2163. sc->rwstate = SSL_NOTHING;
  2164. return ret;
  2165. #endif
  2166. }
  2167. int SSL_write(SSL *s, const void *buf, int num)
  2168. {
  2169. int ret;
  2170. size_t written;
  2171. if (num < 0) {
  2172. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  2173. return -1;
  2174. }
  2175. ret = ssl_write_internal(s, buf, (size_t)num, &written);
  2176. /*
  2177. * The cast is safe here because ret should be <= INT_MAX because num is
  2178. * <= INT_MAX
  2179. */
  2180. if (ret > 0)
  2181. ret = (int)written;
  2182. return ret;
  2183. }
  2184. int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
  2185. {
  2186. int ret = ssl_write_internal(s, buf, num, written);
  2187. if (ret < 0)
  2188. ret = 0;
  2189. return ret;
  2190. }
  2191. int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
  2192. {
  2193. int ret, early_data_state;
  2194. size_t writtmp;
  2195. uint32_t partialwrite;
  2196. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2197. /* TODO(QUIC 0RTT): This will need special handling for QUIC */
  2198. if (sc == NULL)
  2199. return 0;
  2200. switch (sc->early_data_state) {
  2201. case SSL_EARLY_DATA_NONE:
  2202. if (sc->server
  2203. || !SSL_in_before(s)
  2204. || ((sc->session == NULL || sc->session->ext.max_early_data == 0)
  2205. && (sc->psk_use_session_cb == NULL))) {
  2206. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2207. return 0;
  2208. }
  2209. /* fall through */
  2210. case SSL_EARLY_DATA_CONNECT_RETRY:
  2211. sc->early_data_state = SSL_EARLY_DATA_CONNECTING;
  2212. ret = SSL_connect(s);
  2213. if (ret <= 0) {
  2214. /* NBIO or error */
  2215. sc->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
  2216. return 0;
  2217. }
  2218. /* fall through */
  2219. case SSL_EARLY_DATA_WRITE_RETRY:
  2220. sc->early_data_state = SSL_EARLY_DATA_WRITING;
  2221. /*
  2222. * We disable partial write for early data because we don't keep track
  2223. * of how many bytes we've written between the SSL_write_ex() call and
  2224. * the flush if the flush needs to be retried)
  2225. */
  2226. partialwrite = sc->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
  2227. sc->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
  2228. ret = SSL_write_ex(s, buf, num, &writtmp);
  2229. sc->mode |= partialwrite;
  2230. if (!ret) {
  2231. sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  2232. return ret;
  2233. }
  2234. sc->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
  2235. /* fall through */
  2236. case SSL_EARLY_DATA_WRITE_FLUSH:
  2237. /* The buffering BIO is still in place so we need to flush it */
  2238. if (statem_flush(sc) != 1)
  2239. return 0;
  2240. *written = num;
  2241. sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  2242. return 1;
  2243. case SSL_EARLY_DATA_FINISHED_READING:
  2244. case SSL_EARLY_DATA_READ_RETRY:
  2245. early_data_state = sc->early_data_state;
  2246. /* We are a server writing to an unauthenticated client */
  2247. sc->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
  2248. ret = SSL_write_ex(s, buf, num, written);
  2249. /* The buffering BIO is still in place */
  2250. if (ret)
  2251. (void)BIO_flush(sc->wbio);
  2252. sc->early_data_state = early_data_state;
  2253. return ret;
  2254. default:
  2255. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2256. return 0;
  2257. }
  2258. }
  2259. int SSL_shutdown(SSL *s)
  2260. {
  2261. /*
  2262. * Note that this function behaves differently from what one might
  2263. * expect. Return values are 0 for no success (yet), 1 for success; but
  2264. * calling it once is usually not enough, even if blocking I/O is used
  2265. * (see ssl3_shutdown).
  2266. */
  2267. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2268. #ifndef OPENSSL_NO_QUIC
  2269. if (IS_QUIC(s))
  2270. return ossl_quic_conn_shutdown(s, 0, NULL, 0);
  2271. #endif
  2272. if (sc == NULL)
  2273. return -1;
  2274. if (sc->handshake_func == NULL) {
  2275. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2276. return -1;
  2277. }
  2278. if (!SSL_in_init(s)) {
  2279. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  2280. struct ssl_async_args args;
  2281. memset(&args, 0, sizeof(args));
  2282. args.s = s;
  2283. args.type = OTHERFUNC;
  2284. args.f.func_other = s->method->ssl_shutdown;
  2285. return ssl_start_async_job(s, &args, ssl_io_intern);
  2286. } else {
  2287. return s->method->ssl_shutdown(s);
  2288. }
  2289. } else {
  2290. ERR_raise(ERR_LIB_SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT);
  2291. return -1;
  2292. }
  2293. }
  2294. int SSL_key_update(SSL *s, int updatetype)
  2295. {
  2296. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2297. #ifndef OPENSSL_NO_QUIC
  2298. if (IS_QUIC(s))
  2299. return ossl_quic_key_update(s, updatetype);
  2300. #endif
  2301. if (sc == NULL)
  2302. return 0;
  2303. if (!SSL_CONNECTION_IS_TLS13(sc)) {
  2304. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  2305. return 0;
  2306. }
  2307. if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
  2308. && updatetype != SSL_KEY_UPDATE_REQUESTED) {
  2309. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE);
  2310. return 0;
  2311. }
  2312. if (!SSL_is_init_finished(s)) {
  2313. ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
  2314. return 0;
  2315. }
  2316. if (RECORD_LAYER_write_pending(&sc->rlayer)) {
  2317. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY);
  2318. return 0;
  2319. }
  2320. ossl_statem_set_in_init(sc, 1);
  2321. sc->key_update = updatetype;
  2322. return 1;
  2323. }
  2324. int SSL_get_key_update_type(const SSL *s)
  2325. {
  2326. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2327. #ifndef OPENSSL_NO_QUIC
  2328. if (IS_QUIC(s))
  2329. return ossl_quic_get_key_update_type(s);
  2330. #endif
  2331. if (sc == NULL)
  2332. return 0;
  2333. return sc->key_update;
  2334. }
  2335. /*
  2336. * Can we accept a renegotiation request? If yes, set the flag and
  2337. * return 1 if yes. If not, raise error and return 0.
  2338. */
  2339. static int can_renegotiate(const SSL_CONNECTION *sc)
  2340. {
  2341. if (SSL_CONNECTION_IS_TLS13(sc)) {
  2342. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  2343. return 0;
  2344. }
  2345. if ((sc->options & SSL_OP_NO_RENEGOTIATION) != 0) {
  2346. ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION);
  2347. return 0;
  2348. }
  2349. return 1;
  2350. }
  2351. int SSL_renegotiate(SSL *s)
  2352. {
  2353. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2354. if (sc == NULL)
  2355. return 0;
  2356. if (!can_renegotiate(sc))
  2357. return 0;
  2358. sc->renegotiate = 1;
  2359. sc->new_session = 1;
  2360. return s->method->ssl_renegotiate(s);
  2361. }
  2362. int SSL_renegotiate_abbreviated(SSL *s)
  2363. {
  2364. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2365. if (sc == NULL)
  2366. return 0;
  2367. if (!can_renegotiate(sc))
  2368. return 0;
  2369. sc->renegotiate = 1;
  2370. sc->new_session = 0;
  2371. return s->method->ssl_renegotiate(s);
  2372. }
  2373. int SSL_renegotiate_pending(const SSL *s)
  2374. {
  2375. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2376. if (sc == NULL)
  2377. return 0;
  2378. /*
  2379. * becomes true when negotiation is requested; false again once a
  2380. * handshake has finished
  2381. */
  2382. return (sc->renegotiate != 0);
  2383. }
  2384. int SSL_new_session_ticket(SSL *s)
  2385. {
  2386. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2387. if (sc == NULL)
  2388. return 0;
  2389. /* If we are in init because we're sending tickets, okay to send more. */
  2390. if ((SSL_in_init(s) && sc->ext.extra_tickets_expected == 0)
  2391. || SSL_IS_FIRST_HANDSHAKE(sc) || !sc->server
  2392. || !SSL_CONNECTION_IS_TLS13(sc))
  2393. return 0;
  2394. sc->ext.extra_tickets_expected++;
  2395. if (!RECORD_LAYER_write_pending(&sc->rlayer) && !SSL_in_init(s))
  2396. ossl_statem_set_in_init(sc, 1);
  2397. return 1;
  2398. }
  2399. long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
  2400. {
  2401. return ossl_ctrl_internal(s, cmd, larg, parg, /*no_quic=*/0);
  2402. }
  2403. long ossl_ctrl_internal(SSL *s, int cmd, long larg, void *parg, int no_quic)
  2404. {
  2405. long l;
  2406. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2407. if (sc == NULL)
  2408. return 0;
  2409. /*
  2410. * Routing of ctrl calls for QUIC is a little counterintuitive:
  2411. *
  2412. * - Firstly (no_quic=0), we pass the ctrl directly to our QUIC
  2413. * implementation in case it wants to handle the ctrl specially.
  2414. *
  2415. * - If our QUIC implementation does not care about the ctrl, it
  2416. * will reenter this function with no_quic=1 and we will try to handle
  2417. * it directly using the QCSO SSL object stub (not the handshake layer
  2418. * SSL object). This is important for e.g. the version configuration
  2419. * ctrls below, which must use s->defltmeth (and not sc->defltmeth).
  2420. *
  2421. * - If we don't handle a ctrl here specially, then processing is
  2422. * redirected to the handshake layer SSL object.
  2423. */
  2424. if (!no_quic && IS_QUIC(s))
  2425. return s->method->ssl_ctrl(s, cmd, larg, parg);
  2426. switch (cmd) {
  2427. case SSL_CTRL_GET_READ_AHEAD:
  2428. return RECORD_LAYER_get_read_ahead(&sc->rlayer);
  2429. case SSL_CTRL_SET_READ_AHEAD:
  2430. l = RECORD_LAYER_get_read_ahead(&sc->rlayer);
  2431. RECORD_LAYER_set_read_ahead(&sc->rlayer, larg);
  2432. return l;
  2433. case SSL_CTRL_MODE:
  2434. {
  2435. OSSL_PARAM options[2], *opts = options;
  2436. sc->mode |= larg;
  2437. *opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE,
  2438. &sc->mode);
  2439. *opts = OSSL_PARAM_construct_end();
  2440. /* Ignore return value */
  2441. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  2442. return sc->mode;
  2443. }
  2444. case SSL_CTRL_CLEAR_MODE:
  2445. return (sc->mode &= ~larg);
  2446. case SSL_CTRL_GET_MAX_CERT_LIST:
  2447. return (long)sc->max_cert_list;
  2448. case SSL_CTRL_SET_MAX_CERT_LIST:
  2449. if (larg < 0)
  2450. return 0;
  2451. l = (long)sc->max_cert_list;
  2452. sc->max_cert_list = (size_t)larg;
  2453. return l;
  2454. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  2455. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  2456. return 0;
  2457. #ifndef OPENSSL_NO_KTLS
  2458. if (sc->wbio != NULL && BIO_get_ktls_send(sc->wbio))
  2459. return 0;
  2460. #endif /* OPENSSL_NO_KTLS */
  2461. sc->max_send_fragment = larg;
  2462. if (sc->max_send_fragment < sc->split_send_fragment)
  2463. sc->split_send_fragment = sc->max_send_fragment;
  2464. sc->rlayer.wrlmethod->set_max_frag_len(sc->rlayer.wrl, larg);
  2465. return 1;
  2466. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  2467. if ((size_t)larg > sc->max_send_fragment || larg == 0)
  2468. return 0;
  2469. sc->split_send_fragment = larg;
  2470. return 1;
  2471. case SSL_CTRL_SET_MAX_PIPELINES:
  2472. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  2473. return 0;
  2474. sc->max_pipelines = larg;
  2475. if (sc->rlayer.rrlmethod->set_max_pipelines != NULL)
  2476. sc->rlayer.rrlmethod->set_max_pipelines(sc->rlayer.rrl, (size_t)larg);
  2477. return 1;
  2478. case SSL_CTRL_GET_RI_SUPPORT:
  2479. return sc->s3.send_connection_binding;
  2480. case SSL_CTRL_SET_RETRY_VERIFY:
  2481. sc->rwstate = SSL_RETRY_VERIFY;
  2482. return 1;
  2483. case SSL_CTRL_CERT_FLAGS:
  2484. return (sc->cert->cert_flags |= larg);
  2485. case SSL_CTRL_CLEAR_CERT_FLAGS:
  2486. return (sc->cert->cert_flags &= ~larg);
  2487. case SSL_CTRL_GET_RAW_CIPHERLIST:
  2488. if (parg) {
  2489. if (sc->s3.tmp.ciphers_raw == NULL)
  2490. return 0;
  2491. *(unsigned char **)parg = sc->s3.tmp.ciphers_raw;
  2492. return (int)sc->s3.tmp.ciphers_rawlen;
  2493. } else {
  2494. return TLS_CIPHER_LEN;
  2495. }
  2496. case SSL_CTRL_GET_EXTMS_SUPPORT:
  2497. if (!sc->session || SSL_in_init(s) || ossl_statem_get_in_handshake(sc))
  2498. return -1;
  2499. if (sc->session->flags & SSL_SESS_FLAG_EXTMS)
  2500. return 1;
  2501. else
  2502. return 0;
  2503. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  2504. return ssl_check_allowed_versions(larg, sc->max_proto_version)
  2505. && ssl_set_version_bound(s->defltmeth->version, (int)larg,
  2506. &sc->min_proto_version);
  2507. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  2508. return sc->min_proto_version;
  2509. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  2510. return ssl_check_allowed_versions(sc->min_proto_version, larg)
  2511. && ssl_set_version_bound(s->defltmeth->version, (int)larg,
  2512. &sc->max_proto_version);
  2513. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  2514. return sc->max_proto_version;
  2515. default:
  2516. if (IS_QUIC(s))
  2517. return SSL_ctrl((SSL *)sc, cmd, larg, parg);
  2518. else
  2519. return s->method->ssl_ctrl(s, cmd, larg, parg);
  2520. }
  2521. }
  2522. long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
  2523. {
  2524. return s->method->ssl_callback_ctrl(s, cmd, fp);
  2525. }
  2526. LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
  2527. {
  2528. return ctx->sessions;
  2529. }
  2530. static int ssl_tsan_load(SSL_CTX *ctx, TSAN_QUALIFIER int *stat)
  2531. {
  2532. int res = 0;
  2533. if (ssl_tsan_lock(ctx)) {
  2534. res = tsan_load(stat);
  2535. ssl_tsan_unlock(ctx);
  2536. }
  2537. return res;
  2538. }
  2539. long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  2540. {
  2541. long l;
  2542. /* For some cases with ctx == NULL perform syntax checks */
  2543. if (ctx == NULL) {
  2544. switch (cmd) {
  2545. case SSL_CTRL_SET_GROUPS_LIST:
  2546. return tls1_set_groups_list(ctx, NULL, NULL, parg);
  2547. case SSL_CTRL_SET_SIGALGS_LIST:
  2548. case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
  2549. return tls1_set_sigalgs_list(NULL, parg, 0);
  2550. default:
  2551. return 0;
  2552. }
  2553. }
  2554. switch (cmd) {
  2555. case SSL_CTRL_GET_READ_AHEAD:
  2556. return ctx->read_ahead;
  2557. case SSL_CTRL_SET_READ_AHEAD:
  2558. l = ctx->read_ahead;
  2559. ctx->read_ahead = larg;
  2560. return l;
  2561. case SSL_CTRL_SET_MSG_CALLBACK_ARG:
  2562. ctx->msg_callback_arg = parg;
  2563. return 1;
  2564. case SSL_CTRL_GET_MAX_CERT_LIST:
  2565. return (long)ctx->max_cert_list;
  2566. case SSL_CTRL_SET_MAX_CERT_LIST:
  2567. if (larg < 0)
  2568. return 0;
  2569. l = (long)ctx->max_cert_list;
  2570. ctx->max_cert_list = (size_t)larg;
  2571. return l;
  2572. case SSL_CTRL_SET_SESS_CACHE_SIZE:
  2573. if (larg < 0)
  2574. return 0;
  2575. l = (long)ctx->session_cache_size;
  2576. ctx->session_cache_size = (size_t)larg;
  2577. return l;
  2578. case SSL_CTRL_GET_SESS_CACHE_SIZE:
  2579. return (long)ctx->session_cache_size;
  2580. case SSL_CTRL_SET_SESS_CACHE_MODE:
  2581. l = ctx->session_cache_mode;
  2582. ctx->session_cache_mode = larg;
  2583. return l;
  2584. case SSL_CTRL_GET_SESS_CACHE_MODE:
  2585. return ctx->session_cache_mode;
  2586. case SSL_CTRL_SESS_NUMBER:
  2587. return lh_SSL_SESSION_num_items(ctx->sessions);
  2588. case SSL_CTRL_SESS_CONNECT:
  2589. return ssl_tsan_load(ctx, &ctx->stats.sess_connect);
  2590. case SSL_CTRL_SESS_CONNECT_GOOD:
  2591. return ssl_tsan_load(ctx, &ctx->stats.sess_connect_good);
  2592. case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
  2593. return ssl_tsan_load(ctx, &ctx->stats.sess_connect_renegotiate);
  2594. case SSL_CTRL_SESS_ACCEPT:
  2595. return ssl_tsan_load(ctx, &ctx->stats.sess_accept);
  2596. case SSL_CTRL_SESS_ACCEPT_GOOD:
  2597. return ssl_tsan_load(ctx, &ctx->stats.sess_accept_good);
  2598. case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
  2599. return ssl_tsan_load(ctx, &ctx->stats.sess_accept_renegotiate);
  2600. case SSL_CTRL_SESS_HIT:
  2601. return ssl_tsan_load(ctx, &ctx->stats.sess_hit);
  2602. case SSL_CTRL_SESS_CB_HIT:
  2603. return ssl_tsan_load(ctx, &ctx->stats.sess_cb_hit);
  2604. case SSL_CTRL_SESS_MISSES:
  2605. return ssl_tsan_load(ctx, &ctx->stats.sess_miss);
  2606. case SSL_CTRL_SESS_TIMEOUTS:
  2607. return ssl_tsan_load(ctx, &ctx->stats.sess_timeout);
  2608. case SSL_CTRL_SESS_CACHE_FULL:
  2609. return ssl_tsan_load(ctx, &ctx->stats.sess_cache_full);
  2610. case SSL_CTRL_MODE:
  2611. return (ctx->mode |= larg);
  2612. case SSL_CTRL_CLEAR_MODE:
  2613. return (ctx->mode &= ~larg);
  2614. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  2615. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  2616. return 0;
  2617. ctx->max_send_fragment = larg;
  2618. if (ctx->max_send_fragment < ctx->split_send_fragment)
  2619. ctx->split_send_fragment = ctx->max_send_fragment;
  2620. return 1;
  2621. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  2622. if ((size_t)larg > ctx->max_send_fragment || larg == 0)
  2623. return 0;
  2624. ctx->split_send_fragment = larg;
  2625. return 1;
  2626. case SSL_CTRL_SET_MAX_PIPELINES:
  2627. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  2628. return 0;
  2629. ctx->max_pipelines = larg;
  2630. return 1;
  2631. case SSL_CTRL_CERT_FLAGS:
  2632. return (ctx->cert->cert_flags |= larg);
  2633. case SSL_CTRL_CLEAR_CERT_FLAGS:
  2634. return (ctx->cert->cert_flags &= ~larg);
  2635. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  2636. return ssl_check_allowed_versions(larg, ctx->max_proto_version)
  2637. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2638. &ctx->min_proto_version);
  2639. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  2640. return ctx->min_proto_version;
  2641. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  2642. return ssl_check_allowed_versions(ctx->min_proto_version, larg)
  2643. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2644. &ctx->max_proto_version);
  2645. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  2646. return ctx->max_proto_version;
  2647. default:
  2648. return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
  2649. }
  2650. }
  2651. long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
  2652. {
  2653. switch (cmd) {
  2654. case SSL_CTRL_SET_MSG_CALLBACK:
  2655. ctx->msg_callback = (void (*)
  2656. (int write_p, int version, int content_type,
  2657. const void *buf, size_t len, SSL *ssl,
  2658. void *arg))(fp);
  2659. return 1;
  2660. default:
  2661. return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
  2662. }
  2663. }
  2664. int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
  2665. {
  2666. if (a->id > b->id)
  2667. return 1;
  2668. if (a->id < b->id)
  2669. return -1;
  2670. return 0;
  2671. }
  2672. int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
  2673. const SSL_CIPHER *const *bp)
  2674. {
  2675. if ((*ap)->id > (*bp)->id)
  2676. return 1;
  2677. if ((*ap)->id < (*bp)->id)
  2678. return -1;
  2679. return 0;
  2680. }
  2681. /*
  2682. * return a STACK of the ciphers available for the SSL and in order of
  2683. * preference
  2684. */
  2685. STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
  2686. {
  2687. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2688. if (sc != NULL) {
  2689. if (sc->cipher_list != NULL) {
  2690. return sc->cipher_list;
  2691. } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
  2692. return s->ctx->cipher_list;
  2693. }
  2694. }
  2695. return NULL;
  2696. }
  2697. STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
  2698. {
  2699. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2700. if (sc == NULL || !sc->server)
  2701. return NULL;
  2702. return sc->peer_ciphers;
  2703. }
  2704. STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
  2705. {
  2706. STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
  2707. int i;
  2708. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2709. if (sc == NULL)
  2710. return NULL;
  2711. ciphers = SSL_get_ciphers(s);
  2712. if (!ciphers)
  2713. return NULL;
  2714. if (!ssl_set_client_disabled(sc))
  2715. return NULL;
  2716. for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
  2717. const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
  2718. if (!ssl_cipher_disabled(sc, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
  2719. if (!sk)
  2720. sk = sk_SSL_CIPHER_new_null();
  2721. if (!sk)
  2722. return NULL;
  2723. if (!sk_SSL_CIPHER_push(sk, c)) {
  2724. sk_SSL_CIPHER_free(sk);
  2725. return NULL;
  2726. }
  2727. }
  2728. }
  2729. return sk;
  2730. }
  2731. /** return a STACK of the ciphers available for the SSL and in order of
  2732. * algorithm id */
  2733. STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL_CONNECTION *s)
  2734. {
  2735. if (s != NULL) {
  2736. if (s->cipher_list_by_id != NULL)
  2737. return s->cipher_list_by_id;
  2738. else if (s->ssl.ctx != NULL
  2739. && s->ssl.ctx->cipher_list_by_id != NULL)
  2740. return s->ssl.ctx->cipher_list_by_id;
  2741. }
  2742. return NULL;
  2743. }
  2744. /** The old interface to get the same thing as SSL_get_ciphers() */
  2745. const char *SSL_get_cipher_list(const SSL *s, int n)
  2746. {
  2747. const SSL_CIPHER *c;
  2748. STACK_OF(SSL_CIPHER) *sk;
  2749. if (s == NULL)
  2750. return NULL;
  2751. sk = SSL_get_ciphers(s);
  2752. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
  2753. return NULL;
  2754. c = sk_SSL_CIPHER_value(sk, n);
  2755. if (c == NULL)
  2756. return NULL;
  2757. return c->name;
  2758. }
  2759. /** return a STACK of the ciphers available for the SSL_CTX and in order of
  2760. * preference */
  2761. STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
  2762. {
  2763. if (ctx != NULL)
  2764. return ctx->cipher_list;
  2765. return NULL;
  2766. }
  2767. /*
  2768. * Distinguish between ciphers controlled by set_ciphersuite() and
  2769. * set_cipher_list() when counting.
  2770. */
  2771. static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
  2772. {
  2773. int i, num = 0;
  2774. const SSL_CIPHER *c;
  2775. if (sk == NULL)
  2776. return 0;
  2777. for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
  2778. c = sk_SSL_CIPHER_value(sk, i);
  2779. if (c->min_tls >= TLS1_3_VERSION)
  2780. continue;
  2781. num++;
  2782. }
  2783. return num;
  2784. }
  2785. /** specify the ciphers to be used by default by the SSL_CTX */
  2786. int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
  2787. {
  2788. STACK_OF(SSL_CIPHER) *sk;
  2789. sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites,
  2790. &ctx->cipher_list, &ctx->cipher_list_by_id, str,
  2791. ctx->cert);
  2792. /*
  2793. * ssl_create_cipher_list may return an empty stack if it was unable to
  2794. * find a cipher matching the given rule string (for example if the rule
  2795. * string specifies a cipher which has been disabled). This is not an
  2796. * error as far as ssl_create_cipher_list is concerned, and hence
  2797. * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
  2798. */
  2799. if (sk == NULL)
  2800. return 0;
  2801. else if (cipher_list_tls12_num(sk) == 0) {
  2802. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
  2803. return 0;
  2804. }
  2805. return 1;
  2806. }
  2807. /** specify the ciphers to be used by the SSL */
  2808. int SSL_set_cipher_list(SSL *s, const char *str)
  2809. {
  2810. STACK_OF(SSL_CIPHER) *sk;
  2811. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2812. if (sc == NULL)
  2813. return 0;
  2814. sk = ssl_create_cipher_list(s->ctx, sc->tls13_ciphersuites,
  2815. &sc->cipher_list, &sc->cipher_list_by_id, str,
  2816. sc->cert);
  2817. /* see comment in SSL_CTX_set_cipher_list */
  2818. if (sk == NULL)
  2819. return 0;
  2820. else if (cipher_list_tls12_num(sk) == 0) {
  2821. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
  2822. return 0;
  2823. }
  2824. return 1;
  2825. }
  2826. char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
  2827. {
  2828. char *p;
  2829. STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
  2830. const SSL_CIPHER *c;
  2831. int i;
  2832. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2833. if (sc == NULL)
  2834. return NULL;
  2835. if (!sc->server
  2836. || sc->peer_ciphers == NULL
  2837. || size < 2)
  2838. return NULL;
  2839. p = buf;
  2840. clntsk = sc->peer_ciphers;
  2841. srvrsk = SSL_get_ciphers(s);
  2842. if (clntsk == NULL || srvrsk == NULL)
  2843. return NULL;
  2844. if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
  2845. return NULL;
  2846. for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
  2847. int n;
  2848. c = sk_SSL_CIPHER_value(clntsk, i);
  2849. if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
  2850. continue;
  2851. n = OPENSSL_strnlen(c->name, size);
  2852. if (n >= size) {
  2853. if (p != buf)
  2854. --p;
  2855. *p = '\0';
  2856. return buf;
  2857. }
  2858. memcpy(p, c->name, n);
  2859. p += n;
  2860. *(p++) = ':';
  2861. size -= n + 1;
  2862. }
  2863. p[-1] = '\0';
  2864. return buf;
  2865. }
  2866. /**
  2867. * Return the requested servername (SNI) value. Note that the behaviour varies
  2868. * depending on:
  2869. * - whether this is called by the client or the server,
  2870. * - if we are before or during/after the handshake,
  2871. * - if a resumption or normal handshake is being attempted/has occurred
  2872. * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
  2873. *
  2874. * Note that only the host_name type is defined (RFC 3546).
  2875. */
  2876. const char *SSL_get_servername(const SSL *s, const int type)
  2877. {
  2878. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2879. int server;
  2880. if (sc == NULL)
  2881. return NULL;
  2882. /*
  2883. * If we don't know if we are the client or the server yet then we assume
  2884. * client.
  2885. */
  2886. server = sc->handshake_func == NULL ? 0 : sc->server;
  2887. if (type != TLSEXT_NAMETYPE_host_name)
  2888. return NULL;
  2889. if (server) {
  2890. /**
  2891. * Server side
  2892. * In TLSv1.3 on the server SNI is not associated with the session
  2893. * but in TLSv1.2 or below it is.
  2894. *
  2895. * Before the handshake:
  2896. * - return NULL
  2897. *
  2898. * During/after the handshake (TLSv1.2 or below resumption occurred):
  2899. * - If a servername was accepted by the server in the original
  2900. * handshake then it will return that servername, or NULL otherwise.
  2901. *
  2902. * During/after the handshake (TLSv1.2 or below resumption did not occur):
  2903. * - The function will return the servername requested by the client in
  2904. * this handshake or NULL if none was requested.
  2905. */
  2906. if (sc->hit && !SSL_CONNECTION_IS_TLS13(sc))
  2907. return sc->session->ext.hostname;
  2908. } else {
  2909. /**
  2910. * Client side
  2911. *
  2912. * Before the handshake:
  2913. * - If a servername has been set via a call to
  2914. * SSL_set_tlsext_host_name() then it will return that servername
  2915. * - If one has not been set, but a TLSv1.2 resumption is being
  2916. * attempted and the session from the original handshake had a
  2917. * servername accepted by the server then it will return that
  2918. * servername
  2919. * - Otherwise it returns NULL
  2920. *
  2921. * During/after the handshake (TLSv1.2 or below resumption occurred):
  2922. * - If the session from the original handshake had a servername accepted
  2923. * by the server then it will return that servername.
  2924. * - Otherwise it returns the servername set via
  2925. * SSL_set_tlsext_host_name() (or NULL if it was not called).
  2926. *
  2927. * During/after the handshake (TLSv1.2 or below resumption did not occur):
  2928. * - It will return the servername set via SSL_set_tlsext_host_name()
  2929. * (or NULL if it was not called).
  2930. */
  2931. if (SSL_in_before(s)) {
  2932. if (sc->ext.hostname == NULL
  2933. && sc->session != NULL
  2934. && sc->session->ssl_version != TLS1_3_VERSION)
  2935. return sc->session->ext.hostname;
  2936. } else {
  2937. if (!SSL_CONNECTION_IS_TLS13(sc) && sc->hit
  2938. && sc->session->ext.hostname != NULL)
  2939. return sc->session->ext.hostname;
  2940. }
  2941. }
  2942. return sc->ext.hostname;
  2943. }
  2944. int SSL_get_servername_type(const SSL *s)
  2945. {
  2946. if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
  2947. return TLSEXT_NAMETYPE_host_name;
  2948. return -1;
  2949. }
  2950. /*
  2951. * SSL_select_next_proto implements the standard protocol selection. It is
  2952. * expected that this function is called from the callback set by
  2953. * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
  2954. * vector of 8-bit, length prefixed byte strings. The length byte itself is
  2955. * not included in the length. A byte string of length 0 is invalid. No byte
  2956. * string may be truncated. The current, but experimental algorithm for
  2957. * selecting the protocol is: 1) If the server doesn't support NPN then this
  2958. * is indicated to the callback. In this case, the client application has to
  2959. * abort the connection or have a default application level protocol. 2) If
  2960. * the server supports NPN, but advertises an empty list then the client
  2961. * selects the first protocol in its list, but indicates via the API that this
  2962. * fallback case was enacted. 3) Otherwise, the client finds the first
  2963. * protocol in the server's list that it supports and selects this protocol.
  2964. * This is because it's assumed that the server has better information about
  2965. * which protocol a client should use. 4) If the client doesn't support any
  2966. * of the server's advertised protocols, then this is treated the same as
  2967. * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
  2968. * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
  2969. */
  2970. int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
  2971. const unsigned char *server,
  2972. unsigned int server_len,
  2973. const unsigned char *client, unsigned int client_len)
  2974. {
  2975. unsigned int i, j;
  2976. const unsigned char *result;
  2977. int status = OPENSSL_NPN_UNSUPPORTED;
  2978. /*
  2979. * For each protocol in server preference order, see if we support it.
  2980. */
  2981. for (i = 0; i < server_len;) {
  2982. for (j = 0; j < client_len;) {
  2983. if (server[i] == client[j] &&
  2984. memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
  2985. /* We found a match */
  2986. result = &server[i];
  2987. status = OPENSSL_NPN_NEGOTIATED;
  2988. goto found;
  2989. }
  2990. j += client[j];
  2991. j++;
  2992. }
  2993. i += server[i];
  2994. i++;
  2995. }
  2996. /* There's no overlap between our protocols and the server's list. */
  2997. result = client;
  2998. status = OPENSSL_NPN_NO_OVERLAP;
  2999. found:
  3000. *out = (unsigned char *)result + 1;
  3001. *outlen = result[0];
  3002. return status;
  3003. }
  3004. #ifndef OPENSSL_NO_NEXTPROTONEG
  3005. /*
  3006. * SSL_get0_next_proto_negotiated sets *data and *len to point to the
  3007. * client's requested protocol for this connection and returns 0. If the
  3008. * client didn't request any protocol, then *data is set to NULL. Note that
  3009. * the client can request any protocol it chooses. The value returned from
  3010. * this function need not be a member of the list of supported protocols
  3011. * provided by the callback.
  3012. */
  3013. void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
  3014. unsigned *len)
  3015. {
  3016. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  3017. if (sc == NULL) {
  3018. /* We have no other way to indicate error */
  3019. *data = NULL;
  3020. *len = 0;
  3021. return;
  3022. }
  3023. *data = sc->ext.npn;
  3024. if (*data == NULL) {
  3025. *len = 0;
  3026. } else {
  3027. *len = (unsigned int)sc->ext.npn_len;
  3028. }
  3029. }
  3030. /*
  3031. * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
  3032. * a TLS server needs a list of supported protocols for Next Protocol
  3033. * Negotiation. The returned list must be in wire format. The list is
  3034. * returned by setting |out| to point to it and |outlen| to its length. This
  3035. * memory will not be modified, but one should assume that the SSL* keeps a
  3036. * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
  3037. * wishes to advertise. Otherwise, no such extension will be included in the
  3038. * ServerHello.
  3039. */
  3040. void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
  3041. SSL_CTX_npn_advertised_cb_func cb,
  3042. void *arg)
  3043. {
  3044. if (IS_QUIC_CTX(ctx))
  3045. /* NPN not allowed for QUIC */
  3046. return;
  3047. ctx->ext.npn_advertised_cb = cb;
  3048. ctx->ext.npn_advertised_cb_arg = arg;
  3049. }
  3050. /*
  3051. * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
  3052. * client needs to select a protocol from the server's provided list. |out|
  3053. * must be set to point to the selected protocol (which may be within |in|).
  3054. * The length of the protocol name must be written into |outlen|. The
  3055. * server's advertised protocols are provided in |in| and |inlen|. The
  3056. * callback can assume that |in| is syntactically valid. The client must
  3057. * select a protocol. It is fatal to the connection if this callback returns
  3058. * a value other than SSL_TLSEXT_ERR_OK.
  3059. */
  3060. void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
  3061. SSL_CTX_npn_select_cb_func cb,
  3062. void *arg)
  3063. {
  3064. if (IS_QUIC_CTX(ctx))
  3065. /* NPN not allowed for QUIC */
  3066. return;
  3067. ctx->ext.npn_select_cb = cb;
  3068. ctx->ext.npn_select_cb_arg = arg;
  3069. }
  3070. #endif
  3071. static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len)
  3072. {
  3073. unsigned int idx;
  3074. if (protos_len < 2 || protos == NULL)
  3075. return 0;
  3076. for (idx = 0; idx < protos_len; idx += protos[idx] + 1) {
  3077. if (protos[idx] == 0)
  3078. return 0;
  3079. }
  3080. return idx == protos_len;
  3081. }
  3082. /*
  3083. * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
  3084. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  3085. * length-prefixed strings). Returns 0 on success.
  3086. */
  3087. int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
  3088. unsigned int protos_len)
  3089. {
  3090. unsigned char *alpn;
  3091. if (protos_len == 0 || protos == NULL) {
  3092. OPENSSL_free(ctx->ext.alpn);
  3093. ctx->ext.alpn = NULL;
  3094. ctx->ext.alpn_len = 0;
  3095. return 0;
  3096. }
  3097. /* Not valid per RFC */
  3098. if (!alpn_value_ok(protos, protos_len))
  3099. return 1;
  3100. alpn = OPENSSL_memdup(protos, protos_len);
  3101. if (alpn == NULL)
  3102. return 1;
  3103. OPENSSL_free(ctx->ext.alpn);
  3104. ctx->ext.alpn = alpn;
  3105. ctx->ext.alpn_len = protos_len;
  3106. return 0;
  3107. }
  3108. /*
  3109. * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
  3110. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  3111. * length-prefixed strings). Returns 0 on success.
  3112. */
  3113. int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
  3114. unsigned int protos_len)
  3115. {
  3116. unsigned char *alpn;
  3117. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  3118. if (sc == NULL)
  3119. return 1;
  3120. if (protos_len == 0 || protos == NULL) {
  3121. OPENSSL_free(sc->ext.alpn);
  3122. sc->ext.alpn = NULL;
  3123. sc->ext.alpn_len = 0;
  3124. return 0;
  3125. }
  3126. /* Not valid per RFC */
  3127. if (!alpn_value_ok(protos, protos_len))
  3128. return 1;
  3129. alpn = OPENSSL_memdup(protos, protos_len);
  3130. if (alpn == NULL)
  3131. return 1;
  3132. OPENSSL_free(sc->ext.alpn);
  3133. sc->ext.alpn = alpn;
  3134. sc->ext.alpn_len = protos_len;
  3135. return 0;
  3136. }
  3137. /*
  3138. * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
  3139. * called during ClientHello processing in order to select an ALPN protocol
  3140. * from the client's list of offered protocols.
  3141. */
  3142. void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
  3143. SSL_CTX_alpn_select_cb_func cb,
  3144. void *arg)
  3145. {
  3146. ctx->ext.alpn_select_cb = cb;
  3147. ctx->ext.alpn_select_cb_arg = arg;
  3148. }
  3149. /*
  3150. * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
  3151. * On return it sets |*data| to point to |*len| bytes of protocol name
  3152. * (not including the leading length-prefix byte). If the server didn't
  3153. * respond with a negotiated protocol then |*len| will be zero.
  3154. */
  3155. void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
  3156. unsigned int *len)
  3157. {
  3158. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  3159. if (sc == NULL) {
  3160. /* We have no other way to indicate error */
  3161. *data = NULL;
  3162. *len = 0;
  3163. return;
  3164. }
  3165. *data = sc->s3.alpn_selected;
  3166. if (*data == NULL)
  3167. *len = 0;
  3168. else
  3169. *len = (unsigned int)sc->s3.alpn_selected_len;
  3170. }
  3171. int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
  3172. const char *label, size_t llen,
  3173. const unsigned char *context, size_t contextlen,
  3174. int use_context)
  3175. {
  3176. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3177. if (sc == NULL)
  3178. return -1;
  3179. if (sc->session == NULL
  3180. || (sc->version < TLS1_VERSION && sc->version != DTLS1_BAD_VER))
  3181. return -1;
  3182. return s->method->ssl3_enc->export_keying_material(sc, out, olen, label,
  3183. llen, context,
  3184. contextlen, use_context);
  3185. }
  3186. int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
  3187. const char *label, size_t llen,
  3188. const unsigned char *context,
  3189. size_t contextlen)
  3190. {
  3191. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3192. if (sc == NULL)
  3193. return -1;
  3194. if (sc->version != TLS1_3_VERSION)
  3195. return 0;
  3196. return tls13_export_keying_material_early(sc, out, olen, label, llen,
  3197. context, contextlen);
  3198. }
  3199. static unsigned long ssl_session_hash(const SSL_SESSION *a)
  3200. {
  3201. const unsigned char *session_id = a->session_id;
  3202. unsigned long l;
  3203. unsigned char tmp_storage[4];
  3204. if (a->session_id_length < sizeof(tmp_storage)) {
  3205. memset(tmp_storage, 0, sizeof(tmp_storage));
  3206. memcpy(tmp_storage, a->session_id, a->session_id_length);
  3207. session_id = tmp_storage;
  3208. }
  3209. l = (unsigned long)
  3210. ((unsigned long)session_id[0]) |
  3211. ((unsigned long)session_id[1] << 8L) |
  3212. ((unsigned long)session_id[2] << 16L) |
  3213. ((unsigned long)session_id[3] << 24L);
  3214. return l;
  3215. }
  3216. /*
  3217. * NB: If this function (or indeed the hash function which uses a sort of
  3218. * coarser function than this one) is changed, ensure
  3219. * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
  3220. * being able to construct an SSL_SESSION that will collide with any existing
  3221. * session with a matching session ID.
  3222. */
  3223. static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
  3224. {
  3225. if (a->ssl_version != b->ssl_version)
  3226. return 1;
  3227. if (a->session_id_length != b->session_id_length)
  3228. return 1;
  3229. return memcmp(a->session_id, b->session_id, a->session_id_length);
  3230. }
  3231. /*
  3232. * These wrapper functions should remain rather than redeclaring
  3233. * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
  3234. * variable. The reason is that the functions aren't static, they're exposed
  3235. * via ssl.h.
  3236. */
  3237. SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
  3238. const SSL_METHOD *meth)
  3239. {
  3240. SSL_CTX *ret = NULL;
  3241. #ifndef OPENSSL_NO_COMP_ALG
  3242. int i;
  3243. #endif
  3244. if (meth == NULL) {
  3245. ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_METHOD_PASSED);
  3246. return NULL;
  3247. }
  3248. if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
  3249. return NULL;
  3250. /* Doing this for the run once effect */
  3251. if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
  3252. ERR_raise(ERR_LIB_SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
  3253. goto err;
  3254. }
  3255. ret = OPENSSL_zalloc(sizeof(*ret));
  3256. if (ret == NULL)
  3257. return NULL;
  3258. /* Init the reference counting before any call to SSL_CTX_free */
  3259. if (!CRYPTO_NEW_REF(&ret->references, 1)) {
  3260. OPENSSL_free(ret);
  3261. return NULL;
  3262. }
  3263. ret->lock = CRYPTO_THREAD_lock_new();
  3264. if (ret->lock == NULL) {
  3265. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3266. goto err;
  3267. }
  3268. #ifdef TSAN_REQUIRES_LOCKING
  3269. ret->tsan_lock = CRYPTO_THREAD_lock_new();
  3270. if (ret->tsan_lock == NULL) {
  3271. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3272. goto err;
  3273. }
  3274. #endif
  3275. ret->libctx = libctx;
  3276. if (propq != NULL) {
  3277. ret->propq = OPENSSL_strdup(propq);
  3278. if (ret->propq == NULL)
  3279. goto err;
  3280. }
  3281. ret->method = meth;
  3282. ret->min_proto_version = 0;
  3283. ret->max_proto_version = 0;
  3284. ret->mode = SSL_MODE_AUTO_RETRY;
  3285. ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
  3286. ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
  3287. /* We take the system default. */
  3288. ret->session_timeout = meth->get_timeout();
  3289. ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
  3290. ret->verify_mode = SSL_VERIFY_NONE;
  3291. ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
  3292. if (ret->sessions == NULL) {
  3293. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3294. goto err;
  3295. }
  3296. ret->cert_store = X509_STORE_new();
  3297. if (ret->cert_store == NULL) {
  3298. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  3299. goto err;
  3300. }
  3301. #ifndef OPENSSL_NO_CT
  3302. ret->ctlog_store = CTLOG_STORE_new_ex(libctx, propq);
  3303. if (ret->ctlog_store == NULL) {
  3304. ERR_raise(ERR_LIB_SSL, ERR_R_CT_LIB);
  3305. goto err;
  3306. }
  3307. #endif
  3308. /* initialize cipher/digest methods table */
  3309. if (!ssl_load_ciphers(ret)) {
  3310. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3311. goto err;
  3312. }
  3313. if (!ssl_load_groups(ret)) {
  3314. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3315. goto err;
  3316. }
  3317. /* load provider sigalgs */
  3318. if (!ssl_load_sigalgs(ret)) {
  3319. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3320. goto err;
  3321. }
  3322. /* initialise sig algs */
  3323. if (!ssl_setup_sigalgs(ret)) {
  3324. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3325. goto err;
  3326. }
  3327. if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) {
  3328. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3329. goto err;
  3330. }
  3331. if ((ret->cert = ssl_cert_new(SSL_PKEY_NUM + ret->sigalg_list_len)) == NULL) {
  3332. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3333. goto err;
  3334. }
  3335. if (!ssl_create_cipher_list(ret,
  3336. ret->tls13_ciphersuites,
  3337. &ret->cipher_list, &ret->cipher_list_by_id,
  3338. OSSL_default_cipher_list(), ret->cert)
  3339. || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
  3340. ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
  3341. goto err;
  3342. }
  3343. ret->param = X509_VERIFY_PARAM_new();
  3344. if (ret->param == NULL) {
  3345. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  3346. goto err;
  3347. }
  3348. /*
  3349. * If these aren't available from the provider we'll get NULL returns.
  3350. * That's fine but will cause errors later if SSLv3 is negotiated
  3351. */
  3352. ret->md5 = ssl_evp_md_fetch(libctx, NID_md5, propq);
  3353. ret->sha1 = ssl_evp_md_fetch(libctx, NID_sha1, propq);
  3354. if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) {
  3355. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3356. goto err;
  3357. }
  3358. if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL) {
  3359. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3360. goto err;
  3361. }
  3362. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) {
  3363. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3364. goto err;
  3365. }
  3366. if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
  3367. goto err;
  3368. /* No compression for DTLS */
  3369. if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
  3370. ret->comp_methods = SSL_COMP_get_compression_methods();
  3371. ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  3372. ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  3373. /* Setup RFC5077 ticket keys */
  3374. if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name,
  3375. sizeof(ret->ext.tick_key_name), 0) <= 0)
  3376. || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key,
  3377. sizeof(ret->ext.secure->tick_hmac_key), 0) <= 0)
  3378. || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key,
  3379. sizeof(ret->ext.secure->tick_aes_key), 0) <= 0))
  3380. ret->options |= SSL_OP_NO_TICKET;
  3381. if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key,
  3382. sizeof(ret->ext.cookie_hmac_key), 0) <= 0) {
  3383. ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
  3384. goto err;
  3385. }
  3386. #ifndef OPENSSL_NO_SRP
  3387. if (!ssl_ctx_srp_ctx_init_intern(ret)) {
  3388. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3389. goto err;
  3390. }
  3391. #endif
  3392. #ifndef OPENSSL_NO_ENGINE
  3393. # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
  3394. # define eng_strx(x) #x
  3395. # define eng_str(x) eng_strx(x)
  3396. /* Use specific client engine automatically... ignore errors */
  3397. {
  3398. ENGINE *eng;
  3399. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  3400. if (!eng) {
  3401. ERR_clear_error();
  3402. ENGINE_load_builtin_engines();
  3403. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  3404. }
  3405. if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
  3406. ERR_clear_error();
  3407. }
  3408. # endif
  3409. #endif
  3410. #ifndef OPENSSL_NO_COMP_ALG
  3411. /*
  3412. * Set the default order: brotli, zlib, zstd
  3413. * Including only those enabled algorithms
  3414. */
  3415. memset(ret->cert_comp_prefs, 0, sizeof(ret->cert_comp_prefs));
  3416. i = 0;
  3417. if (ossl_comp_has_alg(TLSEXT_comp_cert_brotli))
  3418. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_brotli;
  3419. if (ossl_comp_has_alg(TLSEXT_comp_cert_zlib))
  3420. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_zlib;
  3421. if (ossl_comp_has_alg(TLSEXT_comp_cert_zstd))
  3422. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_zstd;
  3423. #endif
  3424. /*
  3425. * Disable compression by default to prevent CRIME. Applications can
  3426. * re-enable compression by configuring
  3427. * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
  3428. * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
  3429. * middlebox compatibility by default. This may be disabled by default in
  3430. * a later OpenSSL version.
  3431. */
  3432. ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
  3433. ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
  3434. /*
  3435. * We cannot usefully set a default max_early_data here (which gets
  3436. * propagated in SSL_new(), for the following reason: setting the
  3437. * SSL field causes tls_construct_stoc_early_data() to tell the
  3438. * client that early data will be accepted when constructing a TLS 1.3
  3439. * session ticket, and the client will accordingly send us early data
  3440. * when using that ticket (if the client has early data to send).
  3441. * However, in order for the early data to actually be consumed by
  3442. * the application, the application must also have calls to
  3443. * SSL_read_early_data(); otherwise we'll just skip past the early data
  3444. * and ignore it. So, since the application must add calls to
  3445. * SSL_read_early_data(), we also require them to add
  3446. * calls to SSL_CTX_set_max_early_data() in order to use early data,
  3447. * eliminating the bandwidth-wasting early data in the case described
  3448. * above.
  3449. */
  3450. ret->max_early_data = 0;
  3451. /*
  3452. * Default recv_max_early_data is a fully loaded single record. Could be
  3453. * split across multiple records in practice. We set this differently to
  3454. * max_early_data so that, in the default case, we do not advertise any
  3455. * support for early_data, but if a client were to send us some (e.g.
  3456. * because of an old, stale ticket) then we will tolerate it and skip over
  3457. * it.
  3458. */
  3459. ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
  3460. /* By default we send two session tickets automatically in TLSv1.3 */
  3461. ret->num_tickets = 2;
  3462. ssl_ctx_system_config(ret);
  3463. return ret;
  3464. err:
  3465. SSL_CTX_free(ret);
  3466. return NULL;
  3467. }
  3468. SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
  3469. {
  3470. return SSL_CTX_new_ex(NULL, NULL, meth);
  3471. }
  3472. int SSL_CTX_up_ref(SSL_CTX *ctx)
  3473. {
  3474. int i;
  3475. if (CRYPTO_UP_REF(&ctx->references, &i) <= 0)
  3476. return 0;
  3477. REF_PRINT_COUNT("SSL_CTX", ctx);
  3478. REF_ASSERT_ISNT(i < 2);
  3479. return ((i > 1) ? 1 : 0);
  3480. }
  3481. void SSL_CTX_free(SSL_CTX *a)
  3482. {
  3483. int i;
  3484. size_t j;
  3485. if (a == NULL)
  3486. return;
  3487. CRYPTO_DOWN_REF(&a->references, &i);
  3488. REF_PRINT_COUNT("SSL_CTX", a);
  3489. if (i > 0)
  3490. return;
  3491. REF_ASSERT_ISNT(i < 0);
  3492. X509_VERIFY_PARAM_free(a->param);
  3493. dane_ctx_final(&a->dane);
  3494. /*
  3495. * Free internal session cache. However: the remove_cb() may reference
  3496. * the ex_data of SSL_CTX, thus the ex_data store can only be removed
  3497. * after the sessions were flushed.
  3498. * As the ex_data handling routines might also touch the session cache,
  3499. * the most secure solution seems to be: empty (flush) the cache, then
  3500. * free ex_data, then finally free the cache.
  3501. * (See ticket [openssl.org #212].)
  3502. */
  3503. if (a->sessions != NULL)
  3504. SSL_CTX_flush_sessions(a, 0);
  3505. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
  3506. lh_SSL_SESSION_free(a->sessions);
  3507. X509_STORE_free(a->cert_store);
  3508. #ifndef OPENSSL_NO_CT
  3509. CTLOG_STORE_free(a->ctlog_store);
  3510. #endif
  3511. sk_SSL_CIPHER_free(a->cipher_list);
  3512. sk_SSL_CIPHER_free(a->cipher_list_by_id);
  3513. sk_SSL_CIPHER_free(a->tls13_ciphersuites);
  3514. ssl_cert_free(a->cert);
  3515. sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
  3516. sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
  3517. OSSL_STACK_OF_X509_free(a->extra_certs);
  3518. a->comp_methods = NULL;
  3519. #ifndef OPENSSL_NO_SRTP
  3520. sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
  3521. #endif
  3522. #ifndef OPENSSL_NO_SRP
  3523. ssl_ctx_srp_ctx_free_intern(a);
  3524. #endif
  3525. #ifndef OPENSSL_NO_ENGINE
  3526. tls_engine_finish(a->client_cert_engine);
  3527. #endif
  3528. OPENSSL_free(a->ext.ecpointformats);
  3529. OPENSSL_free(a->ext.supportedgroups);
  3530. OPENSSL_free(a->ext.supported_groups_default);
  3531. OPENSSL_free(a->ext.alpn);
  3532. OPENSSL_secure_free(a->ext.secure);
  3533. ssl_evp_md_free(a->md5);
  3534. ssl_evp_md_free(a->sha1);
  3535. for (j = 0; j < SSL_ENC_NUM_IDX; j++)
  3536. ssl_evp_cipher_free(a->ssl_cipher_methods[j]);
  3537. for (j = 0; j < SSL_MD_NUM_IDX; j++)
  3538. ssl_evp_md_free(a->ssl_digest_methods[j]);
  3539. for (j = 0; j < a->group_list_len; j++) {
  3540. OPENSSL_free(a->group_list[j].tlsname);
  3541. OPENSSL_free(a->group_list[j].realname);
  3542. OPENSSL_free(a->group_list[j].algorithm);
  3543. }
  3544. OPENSSL_free(a->group_list);
  3545. for (j = 0; j < a->sigalg_list_len; j++) {
  3546. OPENSSL_free(a->sigalg_list[j].name);
  3547. OPENSSL_free(a->sigalg_list[j].sigalg_name);
  3548. OPENSSL_free(a->sigalg_list[j].sigalg_oid);
  3549. OPENSSL_free(a->sigalg_list[j].sig_name);
  3550. OPENSSL_free(a->sigalg_list[j].sig_oid);
  3551. OPENSSL_free(a->sigalg_list[j].hash_name);
  3552. OPENSSL_free(a->sigalg_list[j].hash_oid);
  3553. OPENSSL_free(a->sigalg_list[j].keytype);
  3554. OPENSSL_free(a->sigalg_list[j].keytype_oid);
  3555. }
  3556. OPENSSL_free(a->sigalg_list);
  3557. OPENSSL_free(a->ssl_cert_info);
  3558. OPENSSL_free(a->sigalg_lookup_cache);
  3559. OPENSSL_free(a->tls12_sigalgs);
  3560. OPENSSL_free(a->client_cert_type);
  3561. OPENSSL_free(a->server_cert_type);
  3562. CRYPTO_THREAD_lock_free(a->lock);
  3563. CRYPTO_FREE_REF(&a->references);
  3564. #ifdef TSAN_REQUIRES_LOCKING
  3565. CRYPTO_THREAD_lock_free(a->tsan_lock);
  3566. #endif
  3567. OPENSSL_free(a->propq);
  3568. OPENSSL_free(a);
  3569. }
  3570. void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
  3571. {
  3572. ctx->default_passwd_callback = cb;
  3573. }
  3574. void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
  3575. {
  3576. ctx->default_passwd_callback_userdata = u;
  3577. }
  3578. pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
  3579. {
  3580. return ctx->default_passwd_callback;
  3581. }
  3582. void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
  3583. {
  3584. return ctx->default_passwd_callback_userdata;
  3585. }
  3586. void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
  3587. {
  3588. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3589. if (sc == NULL)
  3590. return;
  3591. sc->default_passwd_callback = cb;
  3592. }
  3593. void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
  3594. {
  3595. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3596. if (sc == NULL)
  3597. return;
  3598. sc->default_passwd_callback_userdata = u;
  3599. }
  3600. pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
  3601. {
  3602. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3603. if (sc == NULL)
  3604. return NULL;
  3605. return sc->default_passwd_callback;
  3606. }
  3607. void *SSL_get_default_passwd_cb_userdata(SSL *s)
  3608. {
  3609. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3610. if (sc == NULL)
  3611. return NULL;
  3612. return sc->default_passwd_callback_userdata;
  3613. }
  3614. void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
  3615. int (*cb) (X509_STORE_CTX *, void *),
  3616. void *arg)
  3617. {
  3618. ctx->app_verify_callback = cb;
  3619. ctx->app_verify_arg = arg;
  3620. }
  3621. void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
  3622. int (*cb) (int, X509_STORE_CTX *))
  3623. {
  3624. ctx->verify_mode = mode;
  3625. ctx->default_verify_callback = cb;
  3626. }
  3627. void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
  3628. {
  3629. X509_VERIFY_PARAM_set_depth(ctx->param, depth);
  3630. }
  3631. void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
  3632. {
  3633. ssl_cert_set_cert_cb(c->cert, cb, arg);
  3634. }
  3635. void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
  3636. {
  3637. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3638. if (sc == NULL)
  3639. return;
  3640. ssl_cert_set_cert_cb(sc->cert, cb, arg);
  3641. }
  3642. void ssl_set_masks(SSL_CONNECTION *s)
  3643. {
  3644. CERT *c = s->cert;
  3645. uint32_t *pvalid = s->s3.tmp.valid_flags;
  3646. int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
  3647. unsigned long mask_k, mask_a;
  3648. int have_ecc_cert, ecdsa_ok;
  3649. if (c == NULL)
  3650. return;
  3651. dh_tmp = (c->dh_tmp != NULL
  3652. || c->dh_tmp_cb != NULL
  3653. || c->dh_tmp_auto);
  3654. rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  3655. rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  3656. dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
  3657. have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
  3658. mask_k = 0;
  3659. mask_a = 0;
  3660. OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n",
  3661. dh_tmp, rsa_enc, rsa_sign, dsa_sign);
  3662. #ifndef OPENSSL_NO_GOST
  3663. if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
  3664. mask_k |= SSL_kGOST | SSL_kGOST18;
  3665. mask_a |= SSL_aGOST12;
  3666. }
  3667. if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
  3668. mask_k |= SSL_kGOST | SSL_kGOST18;
  3669. mask_a |= SSL_aGOST12;
  3670. }
  3671. if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
  3672. mask_k |= SSL_kGOST;
  3673. mask_a |= SSL_aGOST01;
  3674. }
  3675. #endif
  3676. if (rsa_enc)
  3677. mask_k |= SSL_kRSA;
  3678. if (dh_tmp)
  3679. mask_k |= SSL_kDHE;
  3680. /*
  3681. * If we only have an RSA-PSS certificate allow RSA authentication
  3682. * if TLS 1.2 and peer supports it.
  3683. */
  3684. if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
  3685. && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
  3686. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION))
  3687. mask_a |= SSL_aRSA;
  3688. if (dsa_sign) {
  3689. mask_a |= SSL_aDSS;
  3690. }
  3691. mask_a |= SSL_aNULL;
  3692. /*
  3693. * You can do anything with an RPK key, since there's no cert to restrict it
  3694. * But we need to check for private keys
  3695. */
  3696. if (pvalid[SSL_PKEY_RSA] & CERT_PKEY_RPK) {
  3697. mask_a |= SSL_aRSA;
  3698. mask_k |= SSL_kRSA;
  3699. }
  3700. if (pvalid[SSL_PKEY_ECC] & CERT_PKEY_RPK)
  3701. mask_a |= SSL_aECDSA;
  3702. if (TLS1_get_version(&s->ssl) == TLS1_2_VERSION) {
  3703. if (pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_RPK)
  3704. mask_a |= SSL_aRSA;
  3705. if (pvalid[SSL_PKEY_ED25519] & CERT_PKEY_RPK
  3706. || pvalid[SSL_PKEY_ED448] & CERT_PKEY_RPK)
  3707. mask_a |= SSL_aECDSA;
  3708. }
  3709. /*
  3710. * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
  3711. * depending on the key usage extension.
  3712. */
  3713. if (have_ecc_cert) {
  3714. uint32_t ex_kusage;
  3715. ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
  3716. ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
  3717. if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
  3718. ecdsa_ok = 0;
  3719. if (ecdsa_ok)
  3720. mask_a |= SSL_aECDSA;
  3721. }
  3722. /* Allow Ed25519 for TLS 1.2 if peer supports it */
  3723. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
  3724. && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
  3725. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION)
  3726. mask_a |= SSL_aECDSA;
  3727. /* Allow Ed448 for TLS 1.2 if peer supports it */
  3728. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
  3729. && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
  3730. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION)
  3731. mask_a |= SSL_aECDSA;
  3732. mask_k |= SSL_kECDHE;
  3733. #ifndef OPENSSL_NO_PSK
  3734. mask_k |= SSL_kPSK;
  3735. mask_a |= SSL_aPSK;
  3736. if (mask_k & SSL_kRSA)
  3737. mask_k |= SSL_kRSAPSK;
  3738. if (mask_k & SSL_kDHE)
  3739. mask_k |= SSL_kDHEPSK;
  3740. if (mask_k & SSL_kECDHE)
  3741. mask_k |= SSL_kECDHEPSK;
  3742. #endif
  3743. s->s3.tmp.mask_k = mask_k;
  3744. s->s3.tmp.mask_a = mask_a;
  3745. }
  3746. int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CONNECTION *s)
  3747. {
  3748. if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
  3749. /* key usage, if present, must allow signing */
  3750. if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
  3751. ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
  3752. return 0;
  3753. }
  3754. }
  3755. return 1; /* all checks are ok */
  3756. }
  3757. int ssl_get_server_cert_serverinfo(SSL_CONNECTION *s,
  3758. const unsigned char **serverinfo,
  3759. size_t *serverinfo_length)
  3760. {
  3761. CERT_PKEY *cpk = s->s3.tmp.cert;
  3762. *serverinfo_length = 0;
  3763. if (cpk == NULL || cpk->serverinfo == NULL)
  3764. return 0;
  3765. *serverinfo = cpk->serverinfo;
  3766. *serverinfo_length = cpk->serverinfo_length;
  3767. return 1;
  3768. }
  3769. void ssl_update_cache(SSL_CONNECTION *s, int mode)
  3770. {
  3771. int i;
  3772. /*
  3773. * If the session_id_length is 0, we are not supposed to cache it, and it
  3774. * would be rather hard to do anyway :-)
  3775. */
  3776. if (s->session->session_id_length == 0)
  3777. return;
  3778. /*
  3779. * If sid_ctx_length is 0 there is no specific application context
  3780. * associated with this session, so when we try to resume it and
  3781. * SSL_VERIFY_PEER is requested to verify the client identity, we have no
  3782. * indication that this is actually a session for the proper application
  3783. * context, and the *handshake* will fail, not just the resumption attempt.
  3784. * Do not cache (on the server) these sessions that are not resumable
  3785. * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
  3786. */
  3787. if (s->server && s->session->sid_ctx_length == 0
  3788. && (s->verify_mode & SSL_VERIFY_PEER) != 0)
  3789. return;
  3790. i = s->session_ctx->session_cache_mode;
  3791. if ((i & mode) != 0
  3792. && (!s->hit || SSL_CONNECTION_IS_TLS13(s))) {
  3793. /*
  3794. * Add the session to the internal cache. In server side TLSv1.3 we
  3795. * normally don't do this because by default it's a full stateless ticket
  3796. * with only a dummy session id so there is no reason to cache it,
  3797. * unless:
  3798. * - we are doing early_data, in which case we cache so that we can
  3799. * detect replays
  3800. * - the application has set a remove_session_cb so needs to know about
  3801. * session timeout events
  3802. * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
  3803. */
  3804. if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
  3805. && (!SSL_CONNECTION_IS_TLS13(s)
  3806. || !s->server
  3807. || (s->max_early_data > 0
  3808. && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
  3809. || s->session_ctx->remove_session_cb != NULL
  3810. || (s->options & SSL_OP_NO_TICKET) != 0))
  3811. SSL_CTX_add_session(s->session_ctx, s->session);
  3812. /*
  3813. * Add the session to the external cache. We do this even in server side
  3814. * TLSv1.3 without early data because some applications just want to
  3815. * know about the creation of a session and aren't doing a full cache.
  3816. */
  3817. if (s->session_ctx->new_session_cb != NULL) {
  3818. SSL_SESSION_up_ref(s->session);
  3819. if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_SSL(s),
  3820. s->session))
  3821. SSL_SESSION_free(s->session);
  3822. }
  3823. }
  3824. /* auto flush every 255 connections */
  3825. if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
  3826. TSAN_QUALIFIER int *stat;
  3827. if (mode & SSL_SESS_CACHE_CLIENT)
  3828. stat = &s->session_ctx->stats.sess_connect_good;
  3829. else
  3830. stat = &s->session_ctx->stats.sess_accept_good;
  3831. if ((ssl_tsan_load(s->session_ctx, stat) & 0xff) == 0xff)
  3832. SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
  3833. }
  3834. }
  3835. const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
  3836. {
  3837. return ctx->method;
  3838. }
  3839. const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
  3840. {
  3841. return s->method;
  3842. }
  3843. int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
  3844. {
  3845. int ret = 1;
  3846. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3847. /* Not allowed for QUIC */
  3848. if (sc == NULL
  3849. || (s->type != SSL_TYPE_SSL_CONNECTION && s->method != meth)
  3850. || (s->type == SSL_TYPE_SSL_CONNECTION && IS_QUIC_METHOD(meth)))
  3851. return 0;
  3852. if (s->method != meth) {
  3853. const SSL_METHOD *sm = s->method;
  3854. int (*hf) (SSL *) = sc->handshake_func;
  3855. if (sm->version == meth->version)
  3856. s->method = meth;
  3857. else {
  3858. sm->ssl_deinit(s);
  3859. s->method = meth;
  3860. ret = s->method->ssl_init(s);
  3861. }
  3862. if (hf == sm->ssl_connect)
  3863. sc->handshake_func = meth->ssl_connect;
  3864. else if (hf == sm->ssl_accept)
  3865. sc->handshake_func = meth->ssl_accept;
  3866. }
  3867. return ret;
  3868. }
  3869. int SSL_get_error(const SSL *s, int i)
  3870. {
  3871. return ossl_ssl_get_error(s, i, /*check_err=*/1);
  3872. }
  3873. int ossl_ssl_get_error(const SSL *s, int i, int check_err)
  3874. {
  3875. int reason;
  3876. unsigned long l;
  3877. BIO *bio;
  3878. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  3879. if (i > 0)
  3880. return SSL_ERROR_NONE;
  3881. #ifndef OPENSSL_NO_QUIC
  3882. if (IS_QUIC(s)) {
  3883. reason = ossl_quic_get_error(s, i);
  3884. if (reason != SSL_ERROR_NONE)
  3885. return reason;
  3886. }
  3887. #endif
  3888. if (sc == NULL)
  3889. return SSL_ERROR_SSL;
  3890. /*
  3891. * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
  3892. * where we do encode the error
  3893. */
  3894. if (check_err && (l = ERR_peek_error()) != 0) {
  3895. if (ERR_GET_LIB(l) == ERR_LIB_SYS)
  3896. return SSL_ERROR_SYSCALL;
  3897. else
  3898. return SSL_ERROR_SSL;
  3899. }
  3900. #ifndef OPENSSL_NO_QUIC
  3901. if (!IS_QUIC(s))
  3902. #endif
  3903. {
  3904. if (SSL_want_read(s)) {
  3905. bio = SSL_get_rbio(s);
  3906. if (BIO_should_read(bio))
  3907. return SSL_ERROR_WANT_READ;
  3908. else if (BIO_should_write(bio))
  3909. /*
  3910. * This one doesn't make too much sense ... We never try to
  3911. * write to the rbio, and an application program where rbio and
  3912. * wbio are separate couldn't even know what it should wait for.
  3913. * However if we ever set s->rwstate incorrectly (so that we
  3914. * have SSL_want_read(s) instead of SSL_want_write(s)) and rbio
  3915. * and wbio *are* the same, this test works around that bug; so
  3916. * it might be safer to keep it.
  3917. */
  3918. return SSL_ERROR_WANT_WRITE;
  3919. else if (BIO_should_io_special(bio)) {
  3920. reason = BIO_get_retry_reason(bio);
  3921. if (reason == BIO_RR_CONNECT)
  3922. return SSL_ERROR_WANT_CONNECT;
  3923. else if (reason == BIO_RR_ACCEPT)
  3924. return SSL_ERROR_WANT_ACCEPT;
  3925. else
  3926. return SSL_ERROR_SYSCALL; /* unknown */
  3927. }
  3928. }
  3929. if (SSL_want_write(s)) {
  3930. /*
  3931. * Access wbio directly - in order to use the buffered bio if
  3932. * present
  3933. */
  3934. bio = sc->wbio;
  3935. if (BIO_should_write(bio))
  3936. return SSL_ERROR_WANT_WRITE;
  3937. else if (BIO_should_read(bio))
  3938. /*
  3939. * See above (SSL_want_read(s) with BIO_should_write(bio))
  3940. */
  3941. return SSL_ERROR_WANT_READ;
  3942. else if (BIO_should_io_special(bio)) {
  3943. reason = BIO_get_retry_reason(bio);
  3944. if (reason == BIO_RR_CONNECT)
  3945. return SSL_ERROR_WANT_CONNECT;
  3946. else if (reason == BIO_RR_ACCEPT)
  3947. return SSL_ERROR_WANT_ACCEPT;
  3948. else
  3949. return SSL_ERROR_SYSCALL;
  3950. }
  3951. }
  3952. }
  3953. if (SSL_want_x509_lookup(s))
  3954. return SSL_ERROR_WANT_X509_LOOKUP;
  3955. if (SSL_want_retry_verify(s))
  3956. return SSL_ERROR_WANT_RETRY_VERIFY;
  3957. if (SSL_want_async(s))
  3958. return SSL_ERROR_WANT_ASYNC;
  3959. if (SSL_want_async_job(s))
  3960. return SSL_ERROR_WANT_ASYNC_JOB;
  3961. if (SSL_want_client_hello_cb(s))
  3962. return SSL_ERROR_WANT_CLIENT_HELLO_CB;
  3963. if ((sc->shutdown & SSL_RECEIVED_SHUTDOWN) &&
  3964. (sc->s3.warn_alert == SSL_AD_CLOSE_NOTIFY))
  3965. return SSL_ERROR_ZERO_RETURN;
  3966. return SSL_ERROR_SYSCALL;
  3967. }
  3968. static int ssl_do_handshake_intern(void *vargs)
  3969. {
  3970. struct ssl_async_args *args = (struct ssl_async_args *)vargs;
  3971. SSL *s = args->s;
  3972. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3973. if (sc == NULL)
  3974. return -1;
  3975. return sc->handshake_func(s);
  3976. }
  3977. int SSL_do_handshake(SSL *s)
  3978. {
  3979. int ret = 1;
  3980. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3981. #ifndef OPENSSL_NO_QUIC
  3982. if (IS_QUIC(s))
  3983. return ossl_quic_do_handshake(s);
  3984. #endif
  3985. if (sc->handshake_func == NULL) {
  3986. ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
  3987. return -1;
  3988. }
  3989. ossl_statem_check_finish_init(sc, -1);
  3990. s->method->ssl_renegotiate_check(s, 0);
  3991. if (SSL_in_init(s) || SSL_in_before(s)) {
  3992. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  3993. struct ssl_async_args args;
  3994. memset(&args, 0, sizeof(args));
  3995. args.s = s;
  3996. ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
  3997. } else {
  3998. ret = sc->handshake_func(s);
  3999. }
  4000. }
  4001. return ret;
  4002. }
  4003. void SSL_set_accept_state(SSL *s)
  4004. {
  4005. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4006. #ifndef OPENSSL_NO_QUIC
  4007. if (IS_QUIC(s)) {
  4008. ossl_quic_set_accept_state(s);
  4009. return;
  4010. }
  4011. #endif
  4012. sc->server = 1;
  4013. sc->shutdown = 0;
  4014. ossl_statem_clear(sc);
  4015. sc->handshake_func = s->method->ssl_accept;
  4016. /* Ignore return value. Its a void public API function */
  4017. clear_record_layer(sc);
  4018. }
  4019. void SSL_set_connect_state(SSL *s)
  4020. {
  4021. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4022. #ifndef OPENSSL_NO_QUIC
  4023. if (IS_QUIC(s)) {
  4024. ossl_quic_set_connect_state(s);
  4025. return;
  4026. }
  4027. #endif
  4028. sc->server = 0;
  4029. sc->shutdown = 0;
  4030. ossl_statem_clear(sc);
  4031. sc->handshake_func = s->method->ssl_connect;
  4032. /* Ignore return value. Its a void public API function */
  4033. clear_record_layer(sc);
  4034. }
  4035. int ssl_undefined_function(SSL *s)
  4036. {
  4037. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  4038. return 0;
  4039. }
  4040. int ssl_undefined_void_function(void)
  4041. {
  4042. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  4043. return 0;
  4044. }
  4045. int ssl_undefined_const_function(const SSL *s)
  4046. {
  4047. return 0;
  4048. }
  4049. const SSL_METHOD *ssl_bad_method(int ver)
  4050. {
  4051. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  4052. return NULL;
  4053. }
  4054. const char *ssl_protocol_to_string(int version)
  4055. {
  4056. switch (version)
  4057. {
  4058. case TLS1_3_VERSION:
  4059. return "TLSv1.3";
  4060. case TLS1_2_VERSION:
  4061. return "TLSv1.2";
  4062. case TLS1_1_VERSION:
  4063. return "TLSv1.1";
  4064. case TLS1_VERSION:
  4065. return "TLSv1";
  4066. case SSL3_VERSION:
  4067. return "SSLv3";
  4068. case DTLS1_BAD_VER:
  4069. return "DTLSv0.9";
  4070. case DTLS1_VERSION:
  4071. return "DTLSv1";
  4072. case DTLS1_2_VERSION:
  4073. return "DTLSv1.2";
  4074. default:
  4075. return "unknown";
  4076. }
  4077. }
  4078. const char *SSL_get_version(const SSL *s)
  4079. {
  4080. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4081. #ifndef OPENSSL_NO_QUIC
  4082. /* We only support QUICv1 - so if its QUIC its QUICv1 */
  4083. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  4084. return "QUICv1";
  4085. #endif
  4086. if (sc == NULL)
  4087. return NULL;
  4088. return ssl_protocol_to_string(sc->version);
  4089. }
  4090. __owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt)
  4091. {
  4092. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4093. if (sc == NULL)
  4094. return -1;
  4095. if (sc->ts_msg_write.t <= 0 || sc->ts_msg_read.t <= 0)
  4096. return 0; /* data not (yet) available */
  4097. if (sc->ts_msg_read.t < sc->ts_msg_write.t)
  4098. return -1;
  4099. *rtt = ossl_time2us(ossl_time_subtract(sc->ts_msg_read, sc->ts_msg_write));
  4100. return 1;
  4101. }
  4102. static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
  4103. {
  4104. STACK_OF(X509_NAME) *sk;
  4105. X509_NAME *xn;
  4106. int i;
  4107. if (src == NULL) {
  4108. *dst = NULL;
  4109. return 1;
  4110. }
  4111. if ((sk = sk_X509_NAME_new_null()) == NULL)
  4112. return 0;
  4113. for (i = 0; i < sk_X509_NAME_num(src); i++) {
  4114. xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
  4115. if (xn == NULL) {
  4116. sk_X509_NAME_pop_free(sk, X509_NAME_free);
  4117. return 0;
  4118. }
  4119. if (sk_X509_NAME_insert(sk, xn, i) == 0) {
  4120. X509_NAME_free(xn);
  4121. sk_X509_NAME_pop_free(sk, X509_NAME_free);
  4122. return 0;
  4123. }
  4124. }
  4125. *dst = sk;
  4126. return 1;
  4127. }
  4128. SSL *SSL_dup(SSL *s)
  4129. {
  4130. SSL *ret;
  4131. int i;
  4132. /* TODO(QUIC FUTURE): Add a SSL_METHOD function for duplication */
  4133. SSL_CONNECTION *retsc;
  4134. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4135. if (sc == NULL)
  4136. return NULL;
  4137. /* If we're not quiescent, just up_ref! */
  4138. if (!SSL_in_init(s) || !SSL_in_before(s)) {
  4139. CRYPTO_UP_REF(&s->references, &i);
  4140. return s;
  4141. }
  4142. /*
  4143. * Otherwise, copy configuration state, and session if set.
  4144. */
  4145. if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
  4146. return NULL;
  4147. if ((retsc = SSL_CONNECTION_FROM_SSL_ONLY(ret)) == NULL)
  4148. goto err;
  4149. if (sc->session != NULL) {
  4150. /*
  4151. * Arranges to share the same session via up_ref. This "copies"
  4152. * session-id, SSL_METHOD, sid_ctx, and 'cert'
  4153. */
  4154. if (!SSL_copy_session_id(ret, s))
  4155. goto err;
  4156. } else {
  4157. /*
  4158. * No session has been established yet, so we have to expect that
  4159. * s->cert or ret->cert will be changed later -- they should not both
  4160. * point to the same object, and thus we can't use
  4161. * SSL_copy_session_id.
  4162. */
  4163. if (!SSL_set_ssl_method(ret, s->method))
  4164. goto err;
  4165. if (sc->cert != NULL) {
  4166. ssl_cert_free(retsc->cert);
  4167. retsc->cert = ssl_cert_dup(sc->cert);
  4168. if (retsc->cert == NULL)
  4169. goto err;
  4170. }
  4171. if (!SSL_set_session_id_context(ret, sc->sid_ctx,
  4172. (int)sc->sid_ctx_length))
  4173. goto err;
  4174. }
  4175. if (!ssl_dane_dup(retsc, sc))
  4176. goto err;
  4177. retsc->version = sc->version;
  4178. retsc->options = sc->options;
  4179. retsc->min_proto_version = sc->min_proto_version;
  4180. retsc->max_proto_version = sc->max_proto_version;
  4181. retsc->mode = sc->mode;
  4182. SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
  4183. SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
  4184. retsc->msg_callback = sc->msg_callback;
  4185. retsc->msg_callback_arg = sc->msg_callback_arg;
  4186. SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
  4187. SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
  4188. retsc->generate_session_id = sc->generate_session_id;
  4189. SSL_set_info_callback(ret, SSL_get_info_callback(s));
  4190. /* copy app data, a little dangerous perhaps */
  4191. if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
  4192. goto err;
  4193. retsc->server = sc->server;
  4194. if (sc->handshake_func) {
  4195. if (sc->server)
  4196. SSL_set_accept_state(ret);
  4197. else
  4198. SSL_set_connect_state(ret);
  4199. }
  4200. retsc->shutdown = sc->shutdown;
  4201. retsc->hit = sc->hit;
  4202. retsc->default_passwd_callback = sc->default_passwd_callback;
  4203. retsc->default_passwd_callback_userdata = sc->default_passwd_callback_userdata;
  4204. X509_VERIFY_PARAM_inherit(retsc->param, sc->param);
  4205. /* dup the cipher_list and cipher_list_by_id stacks */
  4206. if (sc->cipher_list != NULL) {
  4207. if ((retsc->cipher_list = sk_SSL_CIPHER_dup(sc->cipher_list)) == NULL)
  4208. goto err;
  4209. }
  4210. if (sc->cipher_list_by_id != NULL)
  4211. if ((retsc->cipher_list_by_id = sk_SSL_CIPHER_dup(sc->cipher_list_by_id))
  4212. == NULL)
  4213. goto err;
  4214. /* Dup the client_CA list */
  4215. if (!dup_ca_names(&retsc->ca_names, sc->ca_names)
  4216. || !dup_ca_names(&retsc->client_ca_names, sc->client_ca_names))
  4217. goto err;
  4218. return ret;
  4219. err:
  4220. SSL_free(ret);
  4221. return NULL;
  4222. }
  4223. X509 *SSL_get_certificate(const SSL *s)
  4224. {
  4225. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4226. if (sc == NULL)
  4227. return NULL;
  4228. if (sc->cert != NULL)
  4229. return sc->cert->key->x509;
  4230. else
  4231. return NULL;
  4232. }
  4233. EVP_PKEY *SSL_get_privatekey(const SSL *s)
  4234. {
  4235. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4236. if (sc == NULL)
  4237. return NULL;
  4238. if (sc->cert != NULL)
  4239. return sc->cert->key->privatekey;
  4240. else
  4241. return NULL;
  4242. }
  4243. X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
  4244. {
  4245. if (ctx->cert != NULL)
  4246. return ctx->cert->key->x509;
  4247. else
  4248. return NULL;
  4249. }
  4250. EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
  4251. {
  4252. if (ctx->cert != NULL)
  4253. return ctx->cert->key->privatekey;
  4254. else
  4255. return NULL;
  4256. }
  4257. const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
  4258. {
  4259. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4260. if (sc == NULL)
  4261. return NULL;
  4262. if ((sc->session != NULL) && (sc->session->cipher != NULL))
  4263. return sc->session->cipher;
  4264. return NULL;
  4265. }
  4266. const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
  4267. {
  4268. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4269. if (sc == NULL)
  4270. return NULL;
  4271. return sc->s3.tmp.new_cipher;
  4272. }
  4273. const COMP_METHOD *SSL_get_current_compression(const SSL *s)
  4274. {
  4275. #ifndef OPENSSL_NO_COMP
  4276. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4277. if (sc == NULL)
  4278. return NULL;
  4279. return sc->rlayer.wrlmethod->get_compression(sc->rlayer.wrl);
  4280. #else
  4281. return NULL;
  4282. #endif
  4283. }
  4284. const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
  4285. {
  4286. #ifndef OPENSSL_NO_COMP
  4287. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4288. if (sc == NULL)
  4289. return NULL;
  4290. return sc->rlayer.rrlmethod->get_compression(sc->rlayer.rrl);
  4291. #else
  4292. return NULL;
  4293. #endif
  4294. }
  4295. int ssl_init_wbio_buffer(SSL_CONNECTION *s)
  4296. {
  4297. BIO *bbio;
  4298. if (s->bbio != NULL) {
  4299. /* Already buffered. */
  4300. return 1;
  4301. }
  4302. bbio = BIO_new(BIO_f_buffer());
  4303. if (bbio == NULL || BIO_set_read_buffer_size(bbio, 1) <= 0) {
  4304. BIO_free(bbio);
  4305. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  4306. return 0;
  4307. }
  4308. s->bbio = bbio;
  4309. s->wbio = BIO_push(bbio, s->wbio);
  4310. s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio);
  4311. return 1;
  4312. }
  4313. int ssl_free_wbio_buffer(SSL_CONNECTION *s)
  4314. {
  4315. /* callers ensure s is never null */
  4316. if (s->bbio == NULL)
  4317. return 1;
  4318. s->wbio = BIO_pop(s->wbio);
  4319. s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio);
  4320. BIO_free(s->bbio);
  4321. s->bbio = NULL;
  4322. return 1;
  4323. }
  4324. void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
  4325. {
  4326. ctx->quiet_shutdown = mode;
  4327. }
  4328. int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
  4329. {
  4330. return ctx->quiet_shutdown;
  4331. }
  4332. void SSL_set_quiet_shutdown(SSL *s, int mode)
  4333. {
  4334. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4335. /* Not supported with QUIC */
  4336. if (sc == NULL)
  4337. return;
  4338. sc->quiet_shutdown = mode;
  4339. }
  4340. int SSL_get_quiet_shutdown(const SSL *s)
  4341. {
  4342. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4343. /* Not supported with QUIC */
  4344. if (sc == NULL)
  4345. return 0;
  4346. return sc->quiet_shutdown;
  4347. }
  4348. void SSL_set_shutdown(SSL *s, int mode)
  4349. {
  4350. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4351. /* Not supported with QUIC */
  4352. if (sc == NULL)
  4353. return;
  4354. sc->shutdown = mode;
  4355. }
  4356. int SSL_get_shutdown(const SSL *s)
  4357. {
  4358. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4359. #ifndef OPENSSL_NO_QUIC
  4360. /* QUIC: Just indicate whether the connection was shutdown cleanly. */
  4361. if (IS_QUIC(s))
  4362. return ossl_quic_get_shutdown(s);
  4363. #endif
  4364. if (sc == NULL)
  4365. return 0;
  4366. return sc->shutdown;
  4367. }
  4368. int SSL_version(const SSL *s)
  4369. {
  4370. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4371. #ifndef OPENSSL_NO_QUIC
  4372. /* We only support QUICv1 - so if its QUIC its QUICv1 */
  4373. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  4374. return OSSL_QUIC1_VERSION;
  4375. #endif
  4376. if (sc == NULL)
  4377. return 0;
  4378. return sc->version;
  4379. }
  4380. int SSL_client_version(const SSL *s)
  4381. {
  4382. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4383. #ifndef OPENSSL_NO_QUIC
  4384. /* We only support QUICv1 - so if its QUIC its QUICv1 */
  4385. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  4386. return OSSL_QUIC1_VERSION;
  4387. #endif
  4388. if (sc == NULL)
  4389. return 0;
  4390. return sc->client_version;
  4391. }
  4392. SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
  4393. {
  4394. return ssl->ctx;
  4395. }
  4396. SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
  4397. {
  4398. CERT *new_cert;
  4399. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  4400. /* TODO(QUIC FUTURE): Add support for QUIC */
  4401. if (sc == NULL)
  4402. return NULL;
  4403. if (ssl->ctx == ctx)
  4404. return ssl->ctx;
  4405. if (ctx == NULL)
  4406. ctx = sc->session_ctx;
  4407. new_cert = ssl_cert_dup(ctx->cert);
  4408. if (new_cert == NULL) {
  4409. return NULL;
  4410. }
  4411. if (!custom_exts_copy_flags(&new_cert->custext, &sc->cert->custext)) {
  4412. ssl_cert_free(new_cert);
  4413. return NULL;
  4414. }
  4415. ssl_cert_free(sc->cert);
  4416. sc->cert = new_cert;
  4417. /*
  4418. * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
  4419. * so setter APIs must prevent invalid lengths from entering the system.
  4420. */
  4421. if (!ossl_assert(sc->sid_ctx_length <= sizeof(sc->sid_ctx)))
  4422. return NULL;
  4423. /*
  4424. * If the session ID context matches that of the parent SSL_CTX,
  4425. * inherit it from the new SSL_CTX as well. If however the context does
  4426. * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
  4427. * leave it unchanged.
  4428. */
  4429. if ((ssl->ctx != NULL) &&
  4430. (sc->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
  4431. (memcmp(sc->sid_ctx, ssl->ctx->sid_ctx, sc->sid_ctx_length) == 0)) {
  4432. sc->sid_ctx_length = ctx->sid_ctx_length;
  4433. memcpy(&sc->sid_ctx, &ctx->sid_ctx, sizeof(sc->sid_ctx));
  4434. }
  4435. SSL_CTX_up_ref(ctx);
  4436. SSL_CTX_free(ssl->ctx); /* decrement reference count */
  4437. ssl->ctx = ctx;
  4438. return ssl->ctx;
  4439. }
  4440. int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
  4441. {
  4442. return X509_STORE_set_default_paths_ex(ctx->cert_store, ctx->libctx,
  4443. ctx->propq);
  4444. }
  4445. int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
  4446. {
  4447. X509_LOOKUP *lookup;
  4448. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
  4449. if (lookup == NULL)
  4450. return 0;
  4451. /* We ignore errors, in case the directory doesn't exist */
  4452. ERR_set_mark();
  4453. X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
  4454. ERR_pop_to_mark();
  4455. return 1;
  4456. }
  4457. int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
  4458. {
  4459. X509_LOOKUP *lookup;
  4460. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
  4461. if (lookup == NULL)
  4462. return 0;
  4463. /* We ignore errors, in case the file doesn't exist */
  4464. ERR_set_mark();
  4465. X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, ctx->libctx,
  4466. ctx->propq);
  4467. ERR_pop_to_mark();
  4468. return 1;
  4469. }
  4470. int SSL_CTX_set_default_verify_store(SSL_CTX *ctx)
  4471. {
  4472. X509_LOOKUP *lookup;
  4473. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_store());
  4474. if (lookup == NULL)
  4475. return 0;
  4476. /* We ignore errors, in case the directory doesn't exist */
  4477. ERR_set_mark();
  4478. X509_LOOKUP_add_store_ex(lookup, NULL, ctx->libctx, ctx->propq);
  4479. ERR_pop_to_mark();
  4480. return 1;
  4481. }
  4482. int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile)
  4483. {
  4484. return X509_STORE_load_file_ex(ctx->cert_store, CAfile, ctx->libctx,
  4485. ctx->propq);
  4486. }
  4487. int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath)
  4488. {
  4489. return X509_STORE_load_path(ctx->cert_store, CApath);
  4490. }
  4491. int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
  4492. {
  4493. return X509_STORE_load_store_ex(ctx->cert_store, CAstore, ctx->libctx,
  4494. ctx->propq);
  4495. }
  4496. int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
  4497. const char *CApath)
  4498. {
  4499. if (CAfile == NULL && CApath == NULL)
  4500. return 0;
  4501. if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile))
  4502. return 0;
  4503. if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath))
  4504. return 0;
  4505. return 1;
  4506. }
  4507. void SSL_set_info_callback(SSL *ssl,
  4508. void (*cb) (const SSL *ssl, int type, int val))
  4509. {
  4510. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4511. if (sc == NULL)
  4512. return;
  4513. sc->info_callback = cb;
  4514. }
  4515. /*
  4516. * One compiler (Diab DCC) doesn't like argument names in returned function
  4517. * pointer.
  4518. */
  4519. void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
  4520. int /* type */ ,
  4521. int /* val */ ) {
  4522. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4523. if (sc == NULL)
  4524. return NULL;
  4525. return sc->info_callback;
  4526. }
  4527. void SSL_set_verify_result(SSL *ssl, long arg)
  4528. {
  4529. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4530. if (sc == NULL)
  4531. return;
  4532. sc->verify_result = arg;
  4533. }
  4534. long SSL_get_verify_result(const SSL *ssl)
  4535. {
  4536. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4537. if (sc == NULL)
  4538. return 0;
  4539. return sc->verify_result;
  4540. }
  4541. size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
  4542. {
  4543. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4544. if (sc == NULL)
  4545. return 0;
  4546. if (outlen == 0)
  4547. return sizeof(sc->s3.client_random);
  4548. if (outlen > sizeof(sc->s3.client_random))
  4549. outlen = sizeof(sc->s3.client_random);
  4550. memcpy(out, sc->s3.client_random, outlen);
  4551. return outlen;
  4552. }
  4553. size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
  4554. {
  4555. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4556. if (sc == NULL)
  4557. return 0;
  4558. if (outlen == 0)
  4559. return sizeof(sc->s3.server_random);
  4560. if (outlen > sizeof(sc->s3.server_random))
  4561. outlen = sizeof(sc->s3.server_random);
  4562. memcpy(out, sc->s3.server_random, outlen);
  4563. return outlen;
  4564. }
  4565. size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
  4566. unsigned char *out, size_t outlen)
  4567. {
  4568. if (outlen == 0)
  4569. return session->master_key_length;
  4570. if (outlen > session->master_key_length)
  4571. outlen = session->master_key_length;
  4572. memcpy(out, session->master_key, outlen);
  4573. return outlen;
  4574. }
  4575. int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
  4576. size_t len)
  4577. {
  4578. if (len > sizeof(sess->master_key))
  4579. return 0;
  4580. memcpy(sess->master_key, in, len);
  4581. sess->master_key_length = len;
  4582. return 1;
  4583. }
  4584. int SSL_set_ex_data(SSL *s, int idx, void *arg)
  4585. {
  4586. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  4587. }
  4588. void *SSL_get_ex_data(const SSL *s, int idx)
  4589. {
  4590. return CRYPTO_get_ex_data(&s->ex_data, idx);
  4591. }
  4592. int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
  4593. {
  4594. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  4595. }
  4596. void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
  4597. {
  4598. return CRYPTO_get_ex_data(&s->ex_data, idx);
  4599. }
  4600. X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
  4601. {
  4602. return ctx->cert_store;
  4603. }
  4604. void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
  4605. {
  4606. X509_STORE_free(ctx->cert_store);
  4607. ctx->cert_store = store;
  4608. }
  4609. void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
  4610. {
  4611. if (store != NULL)
  4612. X509_STORE_up_ref(store);
  4613. SSL_CTX_set_cert_store(ctx, store);
  4614. }
  4615. int SSL_want(const SSL *s)
  4616. {
  4617. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4618. #ifndef OPENSSL_NO_QUIC
  4619. if (IS_QUIC(s))
  4620. return ossl_quic_want(s);
  4621. #endif
  4622. if (sc == NULL)
  4623. return SSL_NOTHING;
  4624. return sc->rwstate;
  4625. }
  4626. #ifndef OPENSSL_NO_PSK
  4627. int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
  4628. {
  4629. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  4630. ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
  4631. return 0;
  4632. }
  4633. OPENSSL_free(ctx->cert->psk_identity_hint);
  4634. if (identity_hint != NULL) {
  4635. ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  4636. if (ctx->cert->psk_identity_hint == NULL)
  4637. return 0;
  4638. } else
  4639. ctx->cert->psk_identity_hint = NULL;
  4640. return 1;
  4641. }
  4642. int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
  4643. {
  4644. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4645. if (sc == NULL)
  4646. return 0;
  4647. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  4648. ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
  4649. return 0;
  4650. }
  4651. OPENSSL_free(sc->cert->psk_identity_hint);
  4652. if (identity_hint != NULL) {
  4653. sc->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  4654. if (sc->cert->psk_identity_hint == NULL)
  4655. return 0;
  4656. } else
  4657. sc->cert->psk_identity_hint = NULL;
  4658. return 1;
  4659. }
  4660. const char *SSL_get_psk_identity_hint(const SSL *s)
  4661. {
  4662. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4663. if (sc == NULL || sc->session == NULL)
  4664. return NULL;
  4665. return sc->session->psk_identity_hint;
  4666. }
  4667. const char *SSL_get_psk_identity(const SSL *s)
  4668. {
  4669. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4670. if (sc == NULL || sc->session == NULL)
  4671. return NULL;
  4672. return sc->session->psk_identity;
  4673. }
  4674. void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
  4675. {
  4676. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4677. if (sc == NULL)
  4678. return;
  4679. sc->psk_client_callback = cb;
  4680. }
  4681. void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
  4682. {
  4683. ctx->psk_client_callback = cb;
  4684. }
  4685. void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
  4686. {
  4687. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4688. if (sc == NULL)
  4689. return;
  4690. sc->psk_server_callback = cb;
  4691. }
  4692. void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
  4693. {
  4694. ctx->psk_server_callback = cb;
  4695. }
  4696. #endif
  4697. void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
  4698. {
  4699. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4700. if (sc == NULL)
  4701. return;
  4702. sc->psk_find_session_cb = cb;
  4703. }
  4704. void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
  4705. SSL_psk_find_session_cb_func cb)
  4706. {
  4707. ctx->psk_find_session_cb = cb;
  4708. }
  4709. void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
  4710. {
  4711. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4712. if (sc == NULL)
  4713. return;
  4714. sc->psk_use_session_cb = cb;
  4715. }
  4716. void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
  4717. SSL_psk_use_session_cb_func cb)
  4718. {
  4719. ctx->psk_use_session_cb = cb;
  4720. }
  4721. void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
  4722. void (*cb) (int write_p, int version,
  4723. int content_type, const void *buf,
  4724. size_t len, SSL *ssl, void *arg))
  4725. {
  4726. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  4727. }
  4728. void SSL_set_msg_callback(SSL *ssl,
  4729. void (*cb) (int write_p, int version,
  4730. int content_type, const void *buf,
  4731. size_t len, SSL *ssl, void *arg))
  4732. {
  4733. SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  4734. }
  4735. void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
  4736. int (*cb) (SSL *ssl,
  4737. int
  4738. is_forward_secure))
  4739. {
  4740. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  4741. (void (*)(void))cb);
  4742. }
  4743. void SSL_set_not_resumable_session_callback(SSL *ssl,
  4744. int (*cb) (SSL *ssl,
  4745. int is_forward_secure))
  4746. {
  4747. SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  4748. (void (*)(void))cb);
  4749. }
  4750. void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
  4751. size_t (*cb) (SSL *ssl, int type,
  4752. size_t len, void *arg))
  4753. {
  4754. ctx->record_padding_cb = cb;
  4755. }
  4756. void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
  4757. {
  4758. ctx->record_padding_arg = arg;
  4759. }
  4760. void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
  4761. {
  4762. return ctx->record_padding_arg;
  4763. }
  4764. int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
  4765. {
  4766. if (IS_QUIC_CTX(ctx) && block_size > 1)
  4767. return 0;
  4768. /* block size of 0 or 1 is basically no padding */
  4769. if (block_size == 1)
  4770. ctx->block_padding = 0;
  4771. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  4772. ctx->block_padding = block_size;
  4773. else
  4774. return 0;
  4775. return 1;
  4776. }
  4777. int SSL_set_record_padding_callback(SSL *ssl,
  4778. size_t (*cb) (SSL *ssl, int type,
  4779. size_t len, void *arg))
  4780. {
  4781. BIO *b;
  4782. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  4783. if (sc == NULL)
  4784. return 0;
  4785. b = SSL_get_wbio(ssl);
  4786. if (b == NULL || !BIO_get_ktls_send(b)) {
  4787. sc->rlayer.record_padding_cb = cb;
  4788. return 1;
  4789. }
  4790. return 0;
  4791. }
  4792. void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
  4793. {
  4794. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4795. if (sc == NULL)
  4796. return;
  4797. sc->rlayer.record_padding_arg = arg;
  4798. }
  4799. void *SSL_get_record_padding_callback_arg(const SSL *ssl)
  4800. {
  4801. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4802. if (sc == NULL)
  4803. return NULL;
  4804. return sc->rlayer.record_padding_arg;
  4805. }
  4806. int SSL_set_block_padding(SSL *ssl, size_t block_size)
  4807. {
  4808. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4809. if (sc == NULL || (IS_QUIC(ssl) && block_size > 1))
  4810. return 0;
  4811. /* block size of 0 or 1 is basically no padding */
  4812. if (block_size == 1)
  4813. sc->rlayer.block_padding = 0;
  4814. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  4815. sc->rlayer.block_padding = block_size;
  4816. else
  4817. return 0;
  4818. return 1;
  4819. }
  4820. int SSL_set_num_tickets(SSL *s, size_t num_tickets)
  4821. {
  4822. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4823. if (sc == NULL)
  4824. return 0;
  4825. sc->num_tickets = num_tickets;
  4826. return 1;
  4827. }
  4828. size_t SSL_get_num_tickets(const SSL *s)
  4829. {
  4830. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4831. if (sc == NULL)
  4832. return 0;
  4833. return sc->num_tickets;
  4834. }
  4835. int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
  4836. {
  4837. ctx->num_tickets = num_tickets;
  4838. return 1;
  4839. }
  4840. size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
  4841. {
  4842. return ctx->num_tickets;
  4843. }
  4844. /* Retrieve handshake hashes */
  4845. int ssl_handshake_hash(SSL_CONNECTION *s,
  4846. unsigned char *out, size_t outlen,
  4847. size_t *hashlen)
  4848. {
  4849. EVP_MD_CTX *ctx = NULL;
  4850. EVP_MD_CTX *hdgst = s->s3.handshake_dgst;
  4851. int hashleni = EVP_MD_CTX_get_size(hdgst);
  4852. int ret = 0;
  4853. if (hashleni < 0 || (size_t)hashleni > outlen) {
  4854. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4855. goto err;
  4856. }
  4857. ctx = EVP_MD_CTX_new();
  4858. if (ctx == NULL) {
  4859. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4860. goto err;
  4861. }
  4862. if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
  4863. || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
  4864. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4865. goto err;
  4866. }
  4867. *hashlen = hashleni;
  4868. ret = 1;
  4869. err:
  4870. EVP_MD_CTX_free(ctx);
  4871. return ret;
  4872. }
  4873. int SSL_session_reused(const SSL *s)
  4874. {
  4875. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4876. if (sc == NULL)
  4877. return 0;
  4878. return sc->hit;
  4879. }
  4880. int SSL_is_server(const SSL *s)
  4881. {
  4882. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4883. if (sc == NULL)
  4884. return 0;
  4885. return sc->server;
  4886. }
  4887. #ifndef OPENSSL_NO_DEPRECATED_1_1_0
  4888. void SSL_set_debug(SSL *s, int debug)
  4889. {
  4890. /* Old function was do-nothing anyway... */
  4891. (void)s;
  4892. (void)debug;
  4893. }
  4894. #endif
  4895. void SSL_set_security_level(SSL *s, int level)
  4896. {
  4897. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4898. if (sc == NULL)
  4899. return;
  4900. sc->cert->sec_level = level;
  4901. }
  4902. int SSL_get_security_level(const SSL *s)
  4903. {
  4904. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4905. if (sc == NULL)
  4906. return 0;
  4907. return sc->cert->sec_level;
  4908. }
  4909. void SSL_set_security_callback(SSL *s,
  4910. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  4911. int op, int bits, int nid,
  4912. void *other, void *ex))
  4913. {
  4914. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4915. if (sc == NULL)
  4916. return;
  4917. sc->cert->sec_cb = cb;
  4918. }
  4919. int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
  4920. const SSL_CTX *ctx, int op,
  4921. int bits, int nid, void *other,
  4922. void *ex) {
  4923. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4924. if (sc == NULL)
  4925. return NULL;
  4926. return sc->cert->sec_cb;
  4927. }
  4928. void SSL_set0_security_ex_data(SSL *s, void *ex)
  4929. {
  4930. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4931. if (sc == NULL)
  4932. return;
  4933. sc->cert->sec_ex = ex;
  4934. }
  4935. void *SSL_get0_security_ex_data(const SSL *s)
  4936. {
  4937. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4938. if (sc == NULL)
  4939. return NULL;
  4940. return sc->cert->sec_ex;
  4941. }
  4942. void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
  4943. {
  4944. ctx->cert->sec_level = level;
  4945. }
  4946. int SSL_CTX_get_security_level(const SSL_CTX *ctx)
  4947. {
  4948. return ctx->cert->sec_level;
  4949. }
  4950. void SSL_CTX_set_security_callback(SSL_CTX *ctx,
  4951. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  4952. int op, int bits, int nid,
  4953. void *other, void *ex))
  4954. {
  4955. ctx->cert->sec_cb = cb;
  4956. }
  4957. int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
  4958. const SSL_CTX *ctx,
  4959. int op, int bits,
  4960. int nid,
  4961. void *other,
  4962. void *ex) {
  4963. return ctx->cert->sec_cb;
  4964. }
  4965. void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
  4966. {
  4967. ctx->cert->sec_ex = ex;
  4968. }
  4969. void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
  4970. {
  4971. return ctx->cert->sec_ex;
  4972. }
  4973. uint64_t SSL_CTX_get_options(const SSL_CTX *ctx)
  4974. {
  4975. return ctx->options;
  4976. }
  4977. uint64_t SSL_get_options(const SSL *s)
  4978. {
  4979. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4980. #ifndef OPENSSL_NO_QUIC
  4981. if (IS_QUIC(s))
  4982. return ossl_quic_get_options(s);
  4983. #endif
  4984. if (sc == NULL)
  4985. return 0;
  4986. return sc->options;
  4987. }
  4988. uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op)
  4989. {
  4990. return ctx->options |= op;
  4991. }
  4992. uint64_t SSL_set_options(SSL *s, uint64_t op)
  4993. {
  4994. SSL_CONNECTION *sc;
  4995. OSSL_PARAM options[2], *opts = options;
  4996. #ifndef OPENSSL_NO_QUIC
  4997. if (IS_QUIC(s))
  4998. return ossl_quic_set_options(s, op);
  4999. #endif
  5000. sc = SSL_CONNECTION_FROM_SSL(s);
  5001. if (sc == NULL)
  5002. return 0;
  5003. sc->options |= op;
  5004. *opts++ = OSSL_PARAM_construct_uint64(OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS,
  5005. &sc->options);
  5006. *opts = OSSL_PARAM_construct_end();
  5007. /* Ignore return value */
  5008. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  5009. return sc->options;
  5010. }
  5011. uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op)
  5012. {
  5013. return ctx->options &= ~op;
  5014. }
  5015. uint64_t SSL_clear_options(SSL *s, uint64_t op)
  5016. {
  5017. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5018. #ifndef OPENSSL_NO_QUIC
  5019. if (IS_QUIC(s))
  5020. return ossl_quic_clear_options(s, op);
  5021. #endif
  5022. if (sc == NULL)
  5023. return 0;
  5024. return sc->options &= ~op;
  5025. }
  5026. STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
  5027. {
  5028. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5029. if (sc == NULL)
  5030. return NULL;
  5031. return sc->verified_chain;
  5032. }
  5033. IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
  5034. #ifndef OPENSSL_NO_CT
  5035. /*
  5036. * Moves SCTs from the |src| stack to the |dst| stack.
  5037. * The source of each SCT will be set to |origin|.
  5038. * If |dst| points to a NULL pointer, a new stack will be created and owned by
  5039. * the caller.
  5040. * Returns the number of SCTs moved, or a negative integer if an error occurs.
  5041. */
  5042. static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
  5043. sct_source_t origin)
  5044. {
  5045. int scts_moved = 0;
  5046. SCT *sct = NULL;
  5047. if (*dst == NULL) {
  5048. *dst = sk_SCT_new_null();
  5049. if (*dst == NULL) {
  5050. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  5051. goto err;
  5052. }
  5053. }
  5054. while ((sct = sk_SCT_pop(src)) != NULL) {
  5055. if (SCT_set_source(sct, origin) != 1)
  5056. goto err;
  5057. if (sk_SCT_push(*dst, sct) <= 0)
  5058. goto err;
  5059. scts_moved += 1;
  5060. }
  5061. return scts_moved;
  5062. err:
  5063. if (sct != NULL)
  5064. sk_SCT_push(src, sct); /* Put the SCT back */
  5065. return -1;
  5066. }
  5067. /*
  5068. * Look for data collected during ServerHello and parse if found.
  5069. * Returns the number of SCTs extracted.
  5070. */
  5071. static int ct_extract_tls_extension_scts(SSL_CONNECTION *s)
  5072. {
  5073. int scts_extracted = 0;
  5074. if (s->ext.scts != NULL) {
  5075. const unsigned char *p = s->ext.scts;
  5076. STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
  5077. scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
  5078. SCT_LIST_free(scts);
  5079. }
  5080. return scts_extracted;
  5081. }
  5082. /*
  5083. * Checks for an OCSP response and then attempts to extract any SCTs found if it
  5084. * contains an SCT X509 extension. They will be stored in |s->scts|.
  5085. * Returns:
  5086. * - The number of SCTs extracted, assuming an OCSP response exists.
  5087. * - 0 if no OCSP response exists or it contains no SCTs.
  5088. * - A negative integer if an error occurs.
  5089. */
  5090. static int ct_extract_ocsp_response_scts(SSL_CONNECTION *s)
  5091. {
  5092. # ifndef OPENSSL_NO_OCSP
  5093. int scts_extracted = 0;
  5094. const unsigned char *p;
  5095. OCSP_BASICRESP *br = NULL;
  5096. OCSP_RESPONSE *rsp = NULL;
  5097. STACK_OF(SCT) *scts = NULL;
  5098. int i;
  5099. if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
  5100. goto err;
  5101. p = s->ext.ocsp.resp;
  5102. rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
  5103. if (rsp == NULL)
  5104. goto err;
  5105. br = OCSP_response_get1_basic(rsp);
  5106. if (br == NULL)
  5107. goto err;
  5108. for (i = 0; i < OCSP_resp_count(br); ++i) {
  5109. OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
  5110. if (single == NULL)
  5111. continue;
  5112. scts =
  5113. OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
  5114. scts_extracted =
  5115. ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
  5116. if (scts_extracted < 0)
  5117. goto err;
  5118. }
  5119. err:
  5120. SCT_LIST_free(scts);
  5121. OCSP_BASICRESP_free(br);
  5122. OCSP_RESPONSE_free(rsp);
  5123. return scts_extracted;
  5124. # else
  5125. /* Behave as if no OCSP response exists */
  5126. return 0;
  5127. # endif
  5128. }
  5129. /*
  5130. * Attempts to extract SCTs from the peer certificate.
  5131. * Return the number of SCTs extracted, or a negative integer if an error
  5132. * occurs.
  5133. */
  5134. static int ct_extract_x509v3_extension_scts(SSL_CONNECTION *s)
  5135. {
  5136. int scts_extracted = 0;
  5137. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  5138. if (cert != NULL) {
  5139. STACK_OF(SCT) *scts =
  5140. X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
  5141. scts_extracted =
  5142. ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
  5143. SCT_LIST_free(scts);
  5144. }
  5145. return scts_extracted;
  5146. }
  5147. /*
  5148. * Attempts to find all received SCTs by checking TLS extensions, the OCSP
  5149. * response (if it exists) and X509v3 extensions in the certificate.
  5150. * Returns NULL if an error occurs.
  5151. */
  5152. const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
  5153. {
  5154. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5155. if (sc == NULL)
  5156. return NULL;
  5157. if (!sc->scts_parsed) {
  5158. if (ct_extract_tls_extension_scts(sc) < 0 ||
  5159. ct_extract_ocsp_response_scts(sc) < 0 ||
  5160. ct_extract_x509v3_extension_scts(sc) < 0)
  5161. goto err;
  5162. sc->scts_parsed = 1;
  5163. }
  5164. return sc->scts;
  5165. err:
  5166. return NULL;
  5167. }
  5168. static int ct_permissive(const CT_POLICY_EVAL_CTX *ctx,
  5169. const STACK_OF(SCT) *scts, void *unused_arg)
  5170. {
  5171. return 1;
  5172. }
  5173. static int ct_strict(const CT_POLICY_EVAL_CTX *ctx,
  5174. const STACK_OF(SCT) *scts, void *unused_arg)
  5175. {
  5176. int count = scts != NULL ? sk_SCT_num(scts) : 0;
  5177. int i;
  5178. for (i = 0; i < count; ++i) {
  5179. SCT *sct = sk_SCT_value(scts, i);
  5180. int status = SCT_get_validation_status(sct);
  5181. if (status == SCT_VALIDATION_STATUS_VALID)
  5182. return 1;
  5183. }
  5184. ERR_raise(ERR_LIB_SSL, SSL_R_NO_VALID_SCTS);
  5185. return 0;
  5186. }
  5187. int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
  5188. void *arg)
  5189. {
  5190. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5191. if (sc == NULL)
  5192. return 0;
  5193. /*
  5194. * Since code exists that uses the custom extension handler for CT, look
  5195. * for this and throw an error if they have already registered to use CT.
  5196. */
  5197. if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
  5198. TLSEXT_TYPE_signed_certificate_timestamp))
  5199. {
  5200. ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  5201. return 0;
  5202. }
  5203. if (callback != NULL) {
  5204. /*
  5205. * If we are validating CT, then we MUST accept SCTs served via OCSP
  5206. */
  5207. if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
  5208. return 0;
  5209. }
  5210. sc->ct_validation_callback = callback;
  5211. sc->ct_validation_callback_arg = arg;
  5212. return 1;
  5213. }
  5214. int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
  5215. ssl_ct_validation_cb callback, void *arg)
  5216. {
  5217. /*
  5218. * Since code exists that uses the custom extension handler for CT, look for
  5219. * this and throw an error if they have already registered to use CT.
  5220. */
  5221. if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
  5222. TLSEXT_TYPE_signed_certificate_timestamp))
  5223. {
  5224. ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  5225. return 0;
  5226. }
  5227. ctx->ct_validation_callback = callback;
  5228. ctx->ct_validation_callback_arg = arg;
  5229. return 1;
  5230. }
  5231. int SSL_ct_is_enabled(const SSL *s)
  5232. {
  5233. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5234. if (sc == NULL)
  5235. return 0;
  5236. return sc->ct_validation_callback != NULL;
  5237. }
  5238. int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
  5239. {
  5240. return ctx->ct_validation_callback != NULL;
  5241. }
  5242. int ssl_validate_ct(SSL_CONNECTION *s)
  5243. {
  5244. int ret = 0;
  5245. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  5246. X509 *issuer;
  5247. SSL_DANE *dane = &s->dane;
  5248. CT_POLICY_EVAL_CTX *ctx = NULL;
  5249. const STACK_OF(SCT) *scts;
  5250. /*
  5251. * If no callback is set, the peer is anonymous, or its chain is invalid,
  5252. * skip SCT validation - just return success. Applications that continue
  5253. * handshakes without certificates, with unverified chains, or pinned leaf
  5254. * certificates are outside the scope of the WebPKI and CT.
  5255. *
  5256. * The above exclusions notwithstanding the vast majority of peers will
  5257. * have rather ordinary certificate chains validated by typical
  5258. * applications that perform certificate verification and therefore will
  5259. * process SCTs when enabled.
  5260. */
  5261. if (s->ct_validation_callback == NULL || cert == NULL ||
  5262. s->verify_result != X509_V_OK ||
  5263. s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
  5264. return 1;
  5265. /*
  5266. * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
  5267. * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2
  5268. */
  5269. if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
  5270. switch (dane->mtlsa->usage) {
  5271. case DANETLS_USAGE_DANE_TA:
  5272. case DANETLS_USAGE_DANE_EE:
  5273. return 1;
  5274. }
  5275. }
  5276. ctx = CT_POLICY_EVAL_CTX_new_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
  5277. SSL_CONNECTION_GET_CTX(s)->propq);
  5278. if (ctx == NULL) {
  5279. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CT_LIB);
  5280. goto end;
  5281. }
  5282. issuer = sk_X509_value(s->verified_chain, 1);
  5283. CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
  5284. CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
  5285. CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx,
  5286. SSL_CONNECTION_GET_CTX(s)->ctlog_store);
  5287. CT_POLICY_EVAL_CTX_set_time(
  5288. ctx, (uint64_t)SSL_SESSION_get_time(s->session) * 1000);
  5289. scts = SSL_get0_peer_scts(SSL_CONNECTION_GET_SSL(s));
  5290. /*
  5291. * This function returns success (> 0) only when all the SCTs are valid, 0
  5292. * when some are invalid, and < 0 on various internal errors (out of
  5293. * memory, etc.). Having some, or even all, invalid SCTs is not sufficient
  5294. * reason to abort the handshake, that decision is up to the callback.
  5295. * Therefore, we error out only in the unexpected case that the return
  5296. * value is negative.
  5297. *
  5298. * XXX: One might well argue that the return value of this function is an
  5299. * unfortunate design choice. Its job is only to determine the validation
  5300. * status of each of the provided SCTs. So long as it correctly separates
  5301. * the wheat from the chaff it should return success. Failure in this case
  5302. * ought to correspond to an inability to carry out its duties.
  5303. */
  5304. if (SCT_LIST_validate(scts, ctx) < 0) {
  5305. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_SCT_VERIFICATION_FAILED);
  5306. goto end;
  5307. }
  5308. ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
  5309. if (ret < 0)
  5310. ret = 0; /* This function returns 0 on failure */
  5311. if (!ret)
  5312. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_CALLBACK_FAILED);
  5313. end:
  5314. CT_POLICY_EVAL_CTX_free(ctx);
  5315. /*
  5316. * With SSL_VERIFY_NONE the session may be cached and re-used despite a
  5317. * failure return code here. Also the application may wish the complete
  5318. * the handshake, and then disconnect cleanly at a higher layer, after
  5319. * checking the verification status of the completed connection.
  5320. *
  5321. * We therefore force a certificate verification failure which will be
  5322. * visible via SSL_get_verify_result() and cached as part of any resumed
  5323. * session.
  5324. *
  5325. * Note: the permissive callback is for information gathering only, always
  5326. * returns success, and does not affect verification status. Only the
  5327. * strict callback or a custom application-specified callback can trigger
  5328. * connection failure or record a verification error.
  5329. */
  5330. if (ret <= 0)
  5331. s->verify_result = X509_V_ERR_NO_VALID_SCTS;
  5332. return ret;
  5333. }
  5334. int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
  5335. {
  5336. switch (validation_mode) {
  5337. default:
  5338. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
  5339. return 0;
  5340. case SSL_CT_VALIDATION_PERMISSIVE:
  5341. return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
  5342. case SSL_CT_VALIDATION_STRICT:
  5343. return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
  5344. }
  5345. }
  5346. int SSL_enable_ct(SSL *s, int validation_mode)
  5347. {
  5348. switch (validation_mode) {
  5349. default:
  5350. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
  5351. return 0;
  5352. case SSL_CT_VALIDATION_PERMISSIVE:
  5353. return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
  5354. case SSL_CT_VALIDATION_STRICT:
  5355. return SSL_set_ct_validation_callback(s, ct_strict, NULL);
  5356. }
  5357. }
  5358. int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
  5359. {
  5360. return CTLOG_STORE_load_default_file(ctx->ctlog_store);
  5361. }
  5362. int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
  5363. {
  5364. return CTLOG_STORE_load_file(ctx->ctlog_store, path);
  5365. }
  5366. void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs)
  5367. {
  5368. CTLOG_STORE_free(ctx->ctlog_store);
  5369. ctx->ctlog_store = logs;
  5370. }
  5371. const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
  5372. {
  5373. return ctx->ctlog_store;
  5374. }
  5375. #endif /* OPENSSL_NO_CT */
  5376. void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
  5377. void *arg)
  5378. {
  5379. c->client_hello_cb = cb;
  5380. c->client_hello_cb_arg = arg;
  5381. }
  5382. int SSL_client_hello_isv2(SSL *s)
  5383. {
  5384. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5385. if (sc == NULL)
  5386. return 0;
  5387. if (sc->clienthello == NULL)
  5388. return 0;
  5389. return sc->clienthello->isv2;
  5390. }
  5391. unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
  5392. {
  5393. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5394. if (sc == NULL)
  5395. return 0;
  5396. if (sc->clienthello == NULL)
  5397. return 0;
  5398. return sc->clienthello->legacy_version;
  5399. }
  5400. size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
  5401. {
  5402. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5403. if (sc == NULL)
  5404. return 0;
  5405. if (sc->clienthello == NULL)
  5406. return 0;
  5407. if (out != NULL)
  5408. *out = sc->clienthello->random;
  5409. return SSL3_RANDOM_SIZE;
  5410. }
  5411. size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
  5412. {
  5413. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5414. if (sc == NULL)
  5415. return 0;
  5416. if (sc->clienthello == NULL)
  5417. return 0;
  5418. if (out != NULL)
  5419. *out = sc->clienthello->session_id;
  5420. return sc->clienthello->session_id_len;
  5421. }
  5422. size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
  5423. {
  5424. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5425. if (sc == NULL)
  5426. return 0;
  5427. if (sc->clienthello == NULL)
  5428. return 0;
  5429. if (out != NULL)
  5430. *out = PACKET_data(&sc->clienthello->ciphersuites);
  5431. return PACKET_remaining(&sc->clienthello->ciphersuites);
  5432. }
  5433. size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
  5434. {
  5435. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5436. if (sc == NULL)
  5437. return 0;
  5438. if (sc->clienthello == NULL)
  5439. return 0;
  5440. if (out != NULL)
  5441. *out = sc->clienthello->compressions;
  5442. return sc->clienthello->compressions_len;
  5443. }
  5444. int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
  5445. {
  5446. RAW_EXTENSION *ext;
  5447. int *present;
  5448. size_t num = 0, i;
  5449. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5450. if (sc == NULL)
  5451. return 0;
  5452. if (sc->clienthello == NULL || out == NULL || outlen == NULL)
  5453. return 0;
  5454. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5455. ext = sc->clienthello->pre_proc_exts + i;
  5456. if (ext->present)
  5457. num++;
  5458. }
  5459. if (num == 0) {
  5460. *out = NULL;
  5461. *outlen = 0;
  5462. return 1;
  5463. }
  5464. if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL)
  5465. return 0;
  5466. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5467. ext = sc->clienthello->pre_proc_exts + i;
  5468. if (ext->present) {
  5469. if (ext->received_order >= num)
  5470. goto err;
  5471. present[ext->received_order] = ext->type;
  5472. }
  5473. }
  5474. *out = present;
  5475. *outlen = num;
  5476. return 1;
  5477. err:
  5478. OPENSSL_free(present);
  5479. return 0;
  5480. }
  5481. int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, size_t *num_exts)
  5482. {
  5483. RAW_EXTENSION *ext;
  5484. size_t num = 0, i;
  5485. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5486. if (sc == NULL)
  5487. return 0;
  5488. if (sc->clienthello == NULL || num_exts == NULL)
  5489. return 0;
  5490. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5491. ext = sc->clienthello->pre_proc_exts + i;
  5492. if (ext->present)
  5493. num++;
  5494. }
  5495. if (num == 0) {
  5496. *num_exts = 0;
  5497. return 1;
  5498. }
  5499. if (exts == NULL) {
  5500. *num_exts = num;
  5501. return 1;
  5502. }
  5503. if (*num_exts < num)
  5504. return 0;
  5505. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5506. ext = sc->clienthello->pre_proc_exts + i;
  5507. if (ext->present) {
  5508. if (ext->received_order >= num)
  5509. return 0;
  5510. exts[ext->received_order] = ext->type;
  5511. }
  5512. }
  5513. *num_exts = num;
  5514. return 1;
  5515. }
  5516. int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
  5517. size_t *outlen)
  5518. {
  5519. size_t i;
  5520. RAW_EXTENSION *r;
  5521. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5522. if (sc == NULL)
  5523. return 0;
  5524. if (sc->clienthello == NULL)
  5525. return 0;
  5526. for (i = 0; i < sc->clienthello->pre_proc_exts_len; ++i) {
  5527. r = sc->clienthello->pre_proc_exts + i;
  5528. if (r->present && r->type == type) {
  5529. if (out != NULL)
  5530. *out = PACKET_data(&r->data);
  5531. if (outlen != NULL)
  5532. *outlen = PACKET_remaining(&r->data);
  5533. return 1;
  5534. }
  5535. }
  5536. return 0;
  5537. }
  5538. int SSL_free_buffers(SSL *ssl)
  5539. {
  5540. RECORD_LAYER *rl;
  5541. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  5542. if (sc == NULL)
  5543. return 0;
  5544. rl = &sc->rlayer;
  5545. return rl->rrlmethod->free_buffers(rl->rrl)
  5546. && rl->wrlmethod->free_buffers(rl->wrl);
  5547. }
  5548. int SSL_alloc_buffers(SSL *ssl)
  5549. {
  5550. RECORD_LAYER *rl;
  5551. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  5552. if (sc == NULL)
  5553. return 0;
  5554. /* QUIC always has buffers allocated. */
  5555. if (IS_QUIC(ssl))
  5556. return 1;
  5557. rl = &sc->rlayer;
  5558. return rl->rrlmethod->alloc_buffers(rl->rrl)
  5559. && rl->wrlmethod->alloc_buffers(rl->wrl);
  5560. }
  5561. void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
  5562. {
  5563. ctx->keylog_callback = cb;
  5564. }
  5565. SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
  5566. {
  5567. return ctx->keylog_callback;
  5568. }
  5569. static int nss_keylog_int(const char *prefix,
  5570. SSL_CONNECTION *sc,
  5571. const uint8_t *parameter_1,
  5572. size_t parameter_1_len,
  5573. const uint8_t *parameter_2,
  5574. size_t parameter_2_len)
  5575. {
  5576. char *out = NULL;
  5577. char *cursor = NULL;
  5578. size_t out_len = 0;
  5579. size_t i;
  5580. size_t prefix_len;
  5581. SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(sc);
  5582. if (sctx->keylog_callback == NULL)
  5583. return 1;
  5584. /*
  5585. * Our output buffer will contain the following strings, rendered with
  5586. * space characters in between, terminated by a NULL character: first the
  5587. * prefix, then the first parameter, then the second parameter. The
  5588. * meaning of each parameter depends on the specific key material being
  5589. * logged. Note that the first and second parameters are encoded in
  5590. * hexadecimal, so we need a buffer that is twice their lengths.
  5591. */
  5592. prefix_len = strlen(prefix);
  5593. out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
  5594. if ((out = cursor = OPENSSL_malloc(out_len)) == NULL)
  5595. return 0;
  5596. strcpy(cursor, prefix);
  5597. cursor += prefix_len;
  5598. *cursor++ = ' ';
  5599. for (i = 0; i < parameter_1_len; i++) {
  5600. sprintf(cursor, "%02x", parameter_1[i]);
  5601. cursor += 2;
  5602. }
  5603. *cursor++ = ' ';
  5604. for (i = 0; i < parameter_2_len; i++) {
  5605. sprintf(cursor, "%02x", parameter_2[i]);
  5606. cursor += 2;
  5607. }
  5608. *cursor = '\0';
  5609. sctx->keylog_callback(SSL_CONNECTION_GET_SSL(sc), (const char *)out);
  5610. OPENSSL_clear_free(out, out_len);
  5611. return 1;
  5612. }
  5613. int ssl_log_rsa_client_key_exchange(SSL_CONNECTION *sc,
  5614. const uint8_t *encrypted_premaster,
  5615. size_t encrypted_premaster_len,
  5616. const uint8_t *premaster,
  5617. size_t premaster_len)
  5618. {
  5619. if (encrypted_premaster_len < 8) {
  5620. SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  5621. return 0;
  5622. }
  5623. /* We only want the first 8 bytes of the encrypted premaster as a tag. */
  5624. return nss_keylog_int("RSA",
  5625. sc,
  5626. encrypted_premaster,
  5627. 8,
  5628. premaster,
  5629. premaster_len);
  5630. }
  5631. int ssl_log_secret(SSL_CONNECTION *sc,
  5632. const char *label,
  5633. const uint8_t *secret,
  5634. size_t secret_len)
  5635. {
  5636. return nss_keylog_int(label,
  5637. sc,
  5638. sc->s3.client_random,
  5639. SSL3_RANDOM_SIZE,
  5640. secret,
  5641. secret_len);
  5642. }
  5643. #define SSLV2_CIPHER_LEN 3
  5644. int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites, int sslv2format)
  5645. {
  5646. int n;
  5647. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  5648. if (PACKET_remaining(cipher_suites) == 0) {
  5649. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
  5650. return 0;
  5651. }
  5652. if (PACKET_remaining(cipher_suites) % n != 0) {
  5653. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5654. return 0;
  5655. }
  5656. OPENSSL_free(s->s3.tmp.ciphers_raw);
  5657. s->s3.tmp.ciphers_raw = NULL;
  5658. s->s3.tmp.ciphers_rawlen = 0;
  5659. if (sslv2format) {
  5660. size_t numciphers = PACKET_remaining(cipher_suites) / n;
  5661. PACKET sslv2ciphers = *cipher_suites;
  5662. unsigned int leadbyte;
  5663. unsigned char *raw;
  5664. /*
  5665. * We store the raw ciphers list in SSLv3+ format so we need to do some
  5666. * preprocessing to convert the list first. If there are any SSLv2 only
  5667. * ciphersuites with a non-zero leading byte then we are going to
  5668. * slightly over allocate because we won't store those. But that isn't a
  5669. * problem.
  5670. */
  5671. raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
  5672. s->s3.tmp.ciphers_raw = raw;
  5673. if (raw == NULL) {
  5674. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5675. return 0;
  5676. }
  5677. for (s->s3.tmp.ciphers_rawlen = 0;
  5678. PACKET_remaining(&sslv2ciphers) > 0;
  5679. raw += TLS_CIPHER_LEN) {
  5680. if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
  5681. || (leadbyte == 0
  5682. && !PACKET_copy_bytes(&sslv2ciphers, raw,
  5683. TLS_CIPHER_LEN))
  5684. || (leadbyte != 0
  5685. && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
  5686. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_PACKET);
  5687. OPENSSL_free(s->s3.tmp.ciphers_raw);
  5688. s->s3.tmp.ciphers_raw = NULL;
  5689. s->s3.tmp.ciphers_rawlen = 0;
  5690. return 0;
  5691. }
  5692. if (leadbyte == 0)
  5693. s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN;
  5694. }
  5695. } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw,
  5696. &s->s3.tmp.ciphers_rawlen)) {
  5697. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  5698. return 0;
  5699. }
  5700. return 1;
  5701. }
  5702. int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
  5703. int isv2format, STACK_OF(SSL_CIPHER) **sk,
  5704. STACK_OF(SSL_CIPHER) **scsvs)
  5705. {
  5706. PACKET pkt;
  5707. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5708. if (sc == NULL)
  5709. return 0;
  5710. if (!PACKET_buf_init(&pkt, bytes, len))
  5711. return 0;
  5712. return ossl_bytes_to_cipher_list(sc, &pkt, sk, scsvs, isv2format, 0);
  5713. }
  5714. int ossl_bytes_to_cipher_list(SSL_CONNECTION *s, PACKET *cipher_suites,
  5715. STACK_OF(SSL_CIPHER) **skp,
  5716. STACK_OF(SSL_CIPHER) **scsvs_out,
  5717. int sslv2format, int fatal)
  5718. {
  5719. const SSL_CIPHER *c;
  5720. STACK_OF(SSL_CIPHER) *sk = NULL;
  5721. STACK_OF(SSL_CIPHER) *scsvs = NULL;
  5722. int n;
  5723. /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
  5724. unsigned char cipher[SSLV2_CIPHER_LEN];
  5725. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  5726. if (PACKET_remaining(cipher_suites) == 0) {
  5727. if (fatal)
  5728. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
  5729. else
  5730. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHERS_SPECIFIED);
  5731. return 0;
  5732. }
  5733. if (PACKET_remaining(cipher_suites) % n != 0) {
  5734. if (fatal)
  5735. SSLfatal(s, SSL_AD_DECODE_ERROR,
  5736. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5737. else
  5738. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5739. return 0;
  5740. }
  5741. sk = sk_SSL_CIPHER_new_null();
  5742. scsvs = sk_SSL_CIPHER_new_null();
  5743. if (sk == NULL || scsvs == NULL) {
  5744. if (fatal)
  5745. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5746. else
  5747. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  5748. goto err;
  5749. }
  5750. while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
  5751. /*
  5752. * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
  5753. * first byte set to zero, while true SSLv2 ciphers have a non-zero
  5754. * first byte. We don't support any true SSLv2 ciphers, so skip them.
  5755. */
  5756. if (sslv2format && cipher[0] != '\0')
  5757. continue;
  5758. /* For SSLv2-compat, ignore leading 0-byte. */
  5759. c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
  5760. if (c != NULL) {
  5761. if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
  5762. (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
  5763. if (fatal)
  5764. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5765. else
  5766. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  5767. goto err;
  5768. }
  5769. }
  5770. }
  5771. if (PACKET_remaining(cipher_suites) > 0) {
  5772. if (fatal)
  5773. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH);
  5774. else
  5775. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  5776. goto err;
  5777. }
  5778. if (skp != NULL)
  5779. *skp = sk;
  5780. else
  5781. sk_SSL_CIPHER_free(sk);
  5782. if (scsvs_out != NULL)
  5783. *scsvs_out = scsvs;
  5784. else
  5785. sk_SSL_CIPHER_free(scsvs);
  5786. return 1;
  5787. err:
  5788. sk_SSL_CIPHER_free(sk);
  5789. sk_SSL_CIPHER_free(scsvs);
  5790. return 0;
  5791. }
  5792. int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
  5793. {
  5794. ctx->max_early_data = max_early_data;
  5795. return 1;
  5796. }
  5797. uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
  5798. {
  5799. return ctx->max_early_data;
  5800. }
  5801. int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
  5802. {
  5803. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5804. if (sc == NULL)
  5805. return 0;
  5806. sc->max_early_data = max_early_data;
  5807. return 1;
  5808. }
  5809. uint32_t SSL_get_max_early_data(const SSL *s)
  5810. {
  5811. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5812. if (sc == NULL)
  5813. return 0;
  5814. return sc->max_early_data;
  5815. }
  5816. int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
  5817. {
  5818. ctx->recv_max_early_data = recv_max_early_data;
  5819. return 1;
  5820. }
  5821. uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
  5822. {
  5823. return ctx->recv_max_early_data;
  5824. }
  5825. int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
  5826. {
  5827. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5828. if (sc == NULL)
  5829. return 0;
  5830. sc->recv_max_early_data = recv_max_early_data;
  5831. return 1;
  5832. }
  5833. uint32_t SSL_get_recv_max_early_data(const SSL *s)
  5834. {
  5835. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5836. if (sc == NULL)
  5837. return 0;
  5838. return sc->recv_max_early_data;
  5839. }
  5840. __owur unsigned int ssl_get_max_send_fragment(const SSL_CONNECTION *sc)
  5841. {
  5842. /* Return any active Max Fragment Len extension */
  5843. if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session))
  5844. return GET_MAX_FRAGMENT_LENGTH(sc->session);
  5845. /* return current SSL connection setting */
  5846. return sc->max_send_fragment;
  5847. }
  5848. __owur unsigned int ssl_get_split_send_fragment(const SSL_CONNECTION *sc)
  5849. {
  5850. /* Return a value regarding an active Max Fragment Len extension */
  5851. if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session)
  5852. && sc->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(sc->session))
  5853. return GET_MAX_FRAGMENT_LENGTH(sc->session);
  5854. /* else limit |split_send_fragment| to current |max_send_fragment| */
  5855. if (sc->split_send_fragment > sc->max_send_fragment)
  5856. return sc->max_send_fragment;
  5857. /* return current SSL connection setting */
  5858. return sc->split_send_fragment;
  5859. }
  5860. int SSL_stateless(SSL *s)
  5861. {
  5862. int ret;
  5863. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5864. if (sc == NULL)
  5865. return 0;
  5866. /* Ensure there is no state left over from a previous invocation */
  5867. if (!SSL_clear(s))
  5868. return 0;
  5869. ERR_clear_error();
  5870. sc->s3.flags |= TLS1_FLAGS_STATELESS;
  5871. ret = SSL_accept(s);
  5872. sc->s3.flags &= ~TLS1_FLAGS_STATELESS;
  5873. if (ret > 0 && sc->ext.cookieok)
  5874. return 1;
  5875. if (sc->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(sc))
  5876. return 0;
  5877. return -1;
  5878. }
  5879. void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
  5880. {
  5881. ctx->pha_enabled = val;
  5882. }
  5883. void SSL_set_post_handshake_auth(SSL *ssl, int val)
  5884. {
  5885. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  5886. if (sc == NULL)
  5887. return;
  5888. sc->pha_enabled = val;
  5889. }
  5890. int SSL_verify_client_post_handshake(SSL *ssl)
  5891. {
  5892. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  5893. #ifndef OPENSSL_NO_QUIC
  5894. if (IS_QUIC(ssl)) {
  5895. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  5896. return 0;
  5897. }
  5898. #endif
  5899. if (sc == NULL)
  5900. return 0;
  5901. if (!SSL_CONNECTION_IS_TLS13(sc)) {
  5902. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  5903. return 0;
  5904. }
  5905. if (!sc->server) {
  5906. ERR_raise(ERR_LIB_SSL, SSL_R_NOT_SERVER);
  5907. return 0;
  5908. }
  5909. if (!SSL_is_init_finished(ssl)) {
  5910. ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
  5911. return 0;
  5912. }
  5913. switch (sc->post_handshake_auth) {
  5914. case SSL_PHA_NONE:
  5915. ERR_raise(ERR_LIB_SSL, SSL_R_EXTENSION_NOT_RECEIVED);
  5916. return 0;
  5917. default:
  5918. case SSL_PHA_EXT_SENT:
  5919. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  5920. return 0;
  5921. case SSL_PHA_EXT_RECEIVED:
  5922. break;
  5923. case SSL_PHA_REQUEST_PENDING:
  5924. ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_PENDING);
  5925. return 0;
  5926. case SSL_PHA_REQUESTED:
  5927. ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_SENT);
  5928. return 0;
  5929. }
  5930. sc->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
  5931. /* checks verify_mode and algorithm_auth */
  5932. if (!send_certificate_request(sc)) {
  5933. sc->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
  5934. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIG);
  5935. return 0;
  5936. }
  5937. ossl_statem_set_in_init(sc, 1);
  5938. return 1;
  5939. }
  5940. int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
  5941. SSL_CTX_generate_session_ticket_fn gen_cb,
  5942. SSL_CTX_decrypt_session_ticket_fn dec_cb,
  5943. void *arg)
  5944. {
  5945. ctx->generate_ticket_cb = gen_cb;
  5946. ctx->decrypt_ticket_cb = dec_cb;
  5947. ctx->ticket_cb_data = arg;
  5948. return 1;
  5949. }
  5950. void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
  5951. SSL_allow_early_data_cb_fn cb,
  5952. void *arg)
  5953. {
  5954. ctx->allow_early_data_cb = cb;
  5955. ctx->allow_early_data_cb_data = arg;
  5956. }
  5957. void SSL_set_allow_early_data_cb(SSL *s,
  5958. SSL_allow_early_data_cb_fn cb,
  5959. void *arg)
  5960. {
  5961. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5962. if (sc == NULL)
  5963. return;
  5964. sc->allow_early_data_cb = cb;
  5965. sc->allow_early_data_cb_data = arg;
  5966. }
  5967. const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx,
  5968. int nid,
  5969. const char *properties)
  5970. {
  5971. const EVP_CIPHER *ciph;
  5972. ciph = tls_get_cipher_from_engine(nid);
  5973. if (ciph != NULL)
  5974. return ciph;
  5975. /*
  5976. * If there is no engine cipher then we do an explicit fetch. This may fail
  5977. * and that could be ok
  5978. */
  5979. ERR_set_mark();
  5980. ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
  5981. ERR_pop_to_mark();
  5982. return ciph;
  5983. }
  5984. int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher)
  5985. {
  5986. /* Don't up-ref an implicit EVP_CIPHER */
  5987. if (EVP_CIPHER_get0_provider(cipher) == NULL)
  5988. return 1;
  5989. /*
  5990. * The cipher was explicitly fetched and therefore it is safe to cast
  5991. * away the const
  5992. */
  5993. return EVP_CIPHER_up_ref((EVP_CIPHER *)cipher);
  5994. }
  5995. void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
  5996. {
  5997. if (cipher == NULL)
  5998. return;
  5999. if (EVP_CIPHER_get0_provider(cipher) != NULL) {
  6000. /*
  6001. * The cipher was explicitly fetched and therefore it is safe to cast
  6002. * away the const
  6003. */
  6004. EVP_CIPHER_free((EVP_CIPHER *)cipher);
  6005. }
  6006. }
  6007. const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx,
  6008. int nid,
  6009. const char *properties)
  6010. {
  6011. const EVP_MD *md;
  6012. md = tls_get_digest_from_engine(nid);
  6013. if (md != NULL)
  6014. return md;
  6015. /* Otherwise we do an explicit fetch */
  6016. ERR_set_mark();
  6017. md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties);
  6018. ERR_pop_to_mark();
  6019. return md;
  6020. }
  6021. int ssl_evp_md_up_ref(const EVP_MD *md)
  6022. {
  6023. /* Don't up-ref an implicit EVP_MD */
  6024. if (EVP_MD_get0_provider(md) == NULL)
  6025. return 1;
  6026. /*
  6027. * The digest was explicitly fetched and therefore it is safe to cast
  6028. * away the const
  6029. */
  6030. return EVP_MD_up_ref((EVP_MD *)md);
  6031. }
  6032. void ssl_evp_md_free(const EVP_MD *md)
  6033. {
  6034. if (md == NULL)
  6035. return;
  6036. if (EVP_MD_get0_provider(md) != NULL) {
  6037. /*
  6038. * The digest was explicitly fetched and therefore it is safe to cast
  6039. * away the const
  6040. */
  6041. EVP_MD_free((EVP_MD *)md);
  6042. }
  6043. }
  6044. int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey)
  6045. {
  6046. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6047. if (sc == NULL)
  6048. return 0;
  6049. if (!ssl_security(sc, SSL_SECOP_TMP_DH,
  6050. EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
  6051. ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
  6052. return 0;
  6053. }
  6054. EVP_PKEY_free(sc->cert->dh_tmp);
  6055. sc->cert->dh_tmp = dhpkey;
  6056. return 1;
  6057. }
  6058. int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey)
  6059. {
  6060. if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
  6061. EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
  6062. ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
  6063. return 0;
  6064. }
  6065. EVP_PKEY_free(ctx->cert->dh_tmp);
  6066. ctx->cert->dh_tmp = dhpkey;
  6067. return 1;
  6068. }
  6069. /* QUIC-specific methods which are supported on QUIC connections only. */
  6070. int SSL_handle_events(SSL *s)
  6071. {
  6072. SSL_CONNECTION *sc;
  6073. #ifndef OPENSSL_NO_QUIC
  6074. if (IS_QUIC(s))
  6075. return ossl_quic_handle_events(s);
  6076. #endif
  6077. sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  6078. if (sc != NULL && SSL_CONNECTION_IS_DTLS(sc))
  6079. /*
  6080. * DTLSv1_handle_timeout returns 0 if the timer wasn't expired yet,
  6081. * which we consider a success case. Theoretically DTLSv1_handle_timeout
  6082. * can also return 0 if s is NULL or not a DTLS object, but we've
  6083. * already ruled out those possibilities above, so this is not possible
  6084. * here. Thus the only failure cases are where DTLSv1_handle_timeout
  6085. * returns -1.
  6086. */
  6087. return DTLSv1_handle_timeout(s) >= 0;
  6088. return 1;
  6089. }
  6090. int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
  6091. {
  6092. SSL_CONNECTION *sc;
  6093. #ifndef OPENSSL_NO_QUIC
  6094. if (IS_QUIC(s))
  6095. return ossl_quic_get_event_timeout(s, tv, is_infinite);
  6096. #endif
  6097. sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  6098. if (sc != NULL && SSL_CONNECTION_IS_DTLS(sc)
  6099. && DTLSv1_get_timeout(s, tv)) {
  6100. *is_infinite = 0;
  6101. return 1;
  6102. }
  6103. tv->tv_sec = 1000000;
  6104. tv->tv_usec = 0;
  6105. *is_infinite = 1;
  6106. return 1;
  6107. }
  6108. int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
  6109. {
  6110. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6111. #ifndef OPENSSL_NO_QUIC
  6112. if (IS_QUIC(s))
  6113. return ossl_quic_get_rpoll_descriptor(s, desc);
  6114. #endif
  6115. if (sc == NULL || sc->rbio == NULL)
  6116. return 0;
  6117. return BIO_get_rpoll_descriptor(sc->rbio, desc);
  6118. }
  6119. int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
  6120. {
  6121. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6122. #ifndef OPENSSL_NO_QUIC
  6123. if (IS_QUIC(s))
  6124. return ossl_quic_get_wpoll_descriptor(s, desc);
  6125. #endif
  6126. if (sc == NULL || sc->wbio == NULL)
  6127. return 0;
  6128. return BIO_get_wpoll_descriptor(sc->wbio, desc);
  6129. }
  6130. int SSL_net_read_desired(SSL *s)
  6131. {
  6132. #ifndef OPENSSL_NO_QUIC
  6133. if (!IS_QUIC(s))
  6134. return SSL_want_read(s);
  6135. return ossl_quic_get_net_read_desired(s);
  6136. #else
  6137. return SSL_want_read(s);
  6138. #endif
  6139. }
  6140. int SSL_net_write_desired(SSL *s)
  6141. {
  6142. #ifndef OPENSSL_NO_QUIC
  6143. if (!IS_QUIC(s))
  6144. return SSL_want_write(s);
  6145. return ossl_quic_get_net_write_desired(s);
  6146. #else
  6147. return SSL_want_write(s);
  6148. #endif
  6149. }
  6150. int SSL_set_blocking_mode(SSL *s, int blocking)
  6151. {
  6152. #ifndef OPENSSL_NO_QUIC
  6153. if (!IS_QUIC(s))
  6154. return 0;
  6155. return ossl_quic_conn_set_blocking_mode(s, blocking);
  6156. #else
  6157. return 0;
  6158. #endif
  6159. }
  6160. int SSL_get_blocking_mode(SSL *s)
  6161. {
  6162. #ifndef OPENSSL_NO_QUIC
  6163. if (!IS_QUIC(s))
  6164. return -1;
  6165. return ossl_quic_conn_get_blocking_mode(s);
  6166. #else
  6167. return -1;
  6168. #endif
  6169. }
  6170. int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr)
  6171. {
  6172. #ifndef OPENSSL_NO_QUIC
  6173. if (!IS_QUIC(s))
  6174. return 0;
  6175. return ossl_quic_conn_set_initial_peer_addr(s, peer_addr);
  6176. #else
  6177. return 0;
  6178. #endif
  6179. }
  6180. int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
  6181. const SSL_SHUTDOWN_EX_ARGS *args,
  6182. size_t args_len)
  6183. {
  6184. #ifndef OPENSSL_NO_QUIC
  6185. if (!IS_QUIC(ssl))
  6186. return SSL_shutdown(ssl);
  6187. return ossl_quic_conn_shutdown(ssl, flags, args, args_len);
  6188. #else
  6189. return SSL_shutdown(ssl);
  6190. #endif
  6191. }
  6192. int SSL_stream_conclude(SSL *ssl, uint64_t flags)
  6193. {
  6194. #ifndef OPENSSL_NO_QUIC
  6195. if (!IS_QUIC(ssl))
  6196. return 0;
  6197. return ossl_quic_conn_stream_conclude(ssl);
  6198. #else
  6199. return 0;
  6200. #endif
  6201. }
  6202. SSL *SSL_new_stream(SSL *s, uint64_t flags)
  6203. {
  6204. #ifndef OPENSSL_NO_QUIC
  6205. if (!IS_QUIC(s))
  6206. return NULL;
  6207. return ossl_quic_conn_stream_new(s, flags);
  6208. #else
  6209. return NULL;
  6210. #endif
  6211. }
  6212. SSL *SSL_get0_connection(SSL *s)
  6213. {
  6214. #ifndef OPENSSL_NO_QUIC
  6215. if (!IS_QUIC(s))
  6216. return s;
  6217. return ossl_quic_get0_connection(s);
  6218. #else
  6219. return s;
  6220. #endif
  6221. }
  6222. int SSL_is_connection(SSL *s)
  6223. {
  6224. return SSL_get0_connection(s) == s;
  6225. }
  6226. int SSL_get_stream_type(SSL *s)
  6227. {
  6228. #ifndef OPENSSL_NO_QUIC
  6229. if (!IS_QUIC(s))
  6230. return SSL_STREAM_TYPE_BIDI;
  6231. return ossl_quic_get_stream_type(s);
  6232. #else
  6233. return SSL_STREAM_TYPE_BIDI;
  6234. #endif
  6235. }
  6236. uint64_t SSL_get_stream_id(SSL *s)
  6237. {
  6238. #ifndef OPENSSL_NO_QUIC
  6239. if (!IS_QUIC(s))
  6240. return UINT64_MAX;
  6241. return ossl_quic_get_stream_id(s);
  6242. #else
  6243. return UINT64_MAX;
  6244. #endif
  6245. }
  6246. int SSL_is_stream_local(SSL *s)
  6247. {
  6248. #ifndef OPENSSL_NO_QUIC
  6249. if (!IS_QUIC(s))
  6250. return -1;
  6251. return ossl_quic_is_stream_local(s);
  6252. #else
  6253. return -1;
  6254. #endif
  6255. }
  6256. int SSL_set_default_stream_mode(SSL *s, uint32_t mode)
  6257. {
  6258. #ifndef OPENSSL_NO_QUIC
  6259. if (!IS_QUIC(s))
  6260. return 0;
  6261. return ossl_quic_set_default_stream_mode(s, mode);
  6262. #else
  6263. return 0;
  6264. #endif
  6265. }
  6266. int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec)
  6267. {
  6268. #ifndef OPENSSL_NO_QUIC
  6269. if (!IS_QUIC(s))
  6270. return 0;
  6271. return ossl_quic_set_incoming_stream_policy(s, policy, aec);
  6272. #else
  6273. return 0;
  6274. #endif
  6275. }
  6276. SSL *SSL_accept_stream(SSL *s, uint64_t flags)
  6277. {
  6278. #ifndef OPENSSL_NO_QUIC
  6279. if (!IS_QUIC(s))
  6280. return NULL;
  6281. return ossl_quic_accept_stream(s, flags);
  6282. #else
  6283. return NULL;
  6284. #endif
  6285. }
  6286. size_t SSL_get_accept_stream_queue_len(SSL *s)
  6287. {
  6288. #ifndef OPENSSL_NO_QUIC
  6289. if (!IS_QUIC(s))
  6290. return 0;
  6291. return ossl_quic_get_accept_stream_queue_len(s);
  6292. #else
  6293. return 0;
  6294. #endif
  6295. }
  6296. int SSL_stream_reset(SSL *s,
  6297. const SSL_STREAM_RESET_ARGS *args,
  6298. size_t args_len)
  6299. {
  6300. #ifndef OPENSSL_NO_QUIC
  6301. if (!IS_QUIC(s))
  6302. return 0;
  6303. return ossl_quic_stream_reset(s, args, args_len);
  6304. #else
  6305. return 0;
  6306. #endif
  6307. }
  6308. int SSL_get_stream_read_state(SSL *s)
  6309. {
  6310. #ifndef OPENSSL_NO_QUIC
  6311. if (!IS_QUIC(s))
  6312. return SSL_STREAM_STATE_NONE;
  6313. return ossl_quic_get_stream_read_state(s);
  6314. #else
  6315. return SSL_STREAM_STATE_NONE;
  6316. #endif
  6317. }
  6318. int SSL_get_stream_write_state(SSL *s)
  6319. {
  6320. #ifndef OPENSSL_NO_QUIC
  6321. if (!IS_QUIC(s))
  6322. return SSL_STREAM_STATE_NONE;
  6323. return ossl_quic_get_stream_write_state(s);
  6324. #else
  6325. return SSL_STREAM_STATE_NONE;
  6326. #endif
  6327. }
  6328. int SSL_get_stream_read_error_code(SSL *s, uint64_t *app_error_code)
  6329. {
  6330. #ifndef OPENSSL_NO_QUIC
  6331. if (!IS_QUIC(s))
  6332. return -1;
  6333. return ossl_quic_get_stream_read_error_code(s, app_error_code);
  6334. #else
  6335. return -1;
  6336. #endif
  6337. }
  6338. int SSL_get_stream_write_error_code(SSL *s, uint64_t *app_error_code)
  6339. {
  6340. #ifndef OPENSSL_NO_QUIC
  6341. if (!IS_QUIC(s))
  6342. return -1;
  6343. return ossl_quic_get_stream_write_error_code(s, app_error_code);
  6344. #else
  6345. return -1;
  6346. #endif
  6347. }
  6348. int SSL_get_conn_close_info(SSL *s, SSL_CONN_CLOSE_INFO *info,
  6349. size_t info_len)
  6350. {
  6351. #ifndef OPENSSL_NO_QUIC
  6352. if (!IS_QUIC(s))
  6353. return -1;
  6354. return ossl_quic_get_conn_close_info(s, info, info_len);
  6355. #else
  6356. return -1;
  6357. #endif
  6358. }
  6359. int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk)
  6360. {
  6361. unsigned char *data = NULL;
  6362. SSL_DANE *dane = SSL_get0_dane(s);
  6363. int ret;
  6364. if (dane == NULL || dane->dctx == NULL)
  6365. return 0;
  6366. if ((ret = i2d_PUBKEY(rpk, &data)) <= 0)
  6367. return 0;
  6368. ret = SSL_dane_tlsa_add(s, DANETLS_USAGE_DANE_EE,
  6369. DANETLS_SELECTOR_SPKI,
  6370. DANETLS_MATCHING_FULL,
  6371. data, (size_t)ret) > 0;
  6372. OPENSSL_free(data);
  6373. return ret;
  6374. }
  6375. EVP_PKEY *SSL_get0_peer_rpk(const SSL *s)
  6376. {
  6377. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6378. if (sc == NULL || sc->session == NULL)
  6379. return NULL;
  6380. return sc->session->peer_rpk;
  6381. }
  6382. int SSL_get_negotiated_client_cert_type(const SSL *s)
  6383. {
  6384. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6385. if (sc == NULL)
  6386. return 0;
  6387. return sc->ext.client_cert_type;
  6388. }
  6389. int SSL_get_negotiated_server_cert_type(const SSL *s)
  6390. {
  6391. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6392. if (sc == NULL)
  6393. return 0;
  6394. return sc->ext.server_cert_type;
  6395. }
  6396. static int validate_cert_type(const unsigned char *val, size_t len)
  6397. {
  6398. size_t i;
  6399. int saw_rpk = 0;
  6400. int saw_x509 = 0;
  6401. if (val == NULL && len == 0)
  6402. return 1;
  6403. if (val == NULL || len == 0)
  6404. return 0;
  6405. for (i = 0; i < len; i++) {
  6406. switch (val[i]) {
  6407. case TLSEXT_cert_type_rpk:
  6408. if (saw_rpk)
  6409. return 0;
  6410. saw_rpk = 1;
  6411. break;
  6412. case TLSEXT_cert_type_x509:
  6413. if (saw_x509)
  6414. return 0;
  6415. saw_x509 = 1;
  6416. break;
  6417. case TLSEXT_cert_type_pgp:
  6418. case TLSEXT_cert_type_1609dot2:
  6419. default:
  6420. return 0;
  6421. }
  6422. }
  6423. return 1;
  6424. }
  6425. static int set_cert_type(unsigned char **cert_type,
  6426. size_t *cert_type_len,
  6427. const unsigned char *val,
  6428. size_t len)
  6429. {
  6430. unsigned char *tmp = NULL;
  6431. if (!validate_cert_type(val, len))
  6432. return 0;
  6433. if (val != NULL && (tmp = OPENSSL_memdup(val, len)) == NULL)
  6434. return 0;
  6435. OPENSSL_free(*cert_type);
  6436. *cert_type = tmp;
  6437. *cert_type_len = len;
  6438. return 1;
  6439. }
  6440. int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len)
  6441. {
  6442. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6443. return set_cert_type(&sc->client_cert_type, &sc->client_cert_type_len,
  6444. val, len);
  6445. }
  6446. int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len)
  6447. {
  6448. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6449. return set_cert_type(&sc->server_cert_type, &sc->server_cert_type_len,
  6450. val, len);
  6451. }
  6452. int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len)
  6453. {
  6454. return set_cert_type(&ctx->client_cert_type, &ctx->client_cert_type_len,
  6455. val, len);
  6456. }
  6457. int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len)
  6458. {
  6459. return set_cert_type(&ctx->server_cert_type, &ctx->server_cert_type_len,
  6460. val, len);
  6461. }
  6462. int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len)
  6463. {
  6464. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  6465. if (t == NULL || len == NULL)
  6466. return 0;
  6467. *t = sc->client_cert_type;
  6468. *len = sc->client_cert_type_len;
  6469. return 1;
  6470. }
  6471. int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len)
  6472. {
  6473. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  6474. if (t == NULL || len == NULL)
  6475. return 0;
  6476. *t = sc->server_cert_type;
  6477. *len = sc->server_cert_type_len;
  6478. return 1;
  6479. }
  6480. int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len)
  6481. {
  6482. if (t == NULL || len == NULL)
  6483. return 0;
  6484. *t = ctx->client_cert_type;
  6485. *len = ctx->client_cert_type_len;
  6486. return 1;
  6487. }
  6488. int SSL_CTX_get0_server_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len)
  6489. {
  6490. if (t == NULL || len == NULL)
  6491. return 0;
  6492. *t = ctx->server_cert_type;
  6493. *len = ctx->server_cert_type_len;
  6494. return 1;
  6495. }